From sle-updates at lists.suse.com Thu Jun 1 07:07:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:07:12 +0200 (CEST) Subject: SUSE-CU-2023:1693-1: Security update of suse/sles12sp4 Message-ID: <20230601070712.76BF9FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1693-1 Container Tags : suse/sles12sp4:26.607 , suse/sles12sp4:latest Container Release : 26.607 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2330-1 Released: Tue May 30 16:49:19 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_0_0 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - base-container-licenses-3.0-1.351 updated - container-suseconnect-2.0.0-1.233 updated - libopenssl1_0_0-1.0.2p-3.75.1 updated - openssl-1_0_0-1.0.2p-3.75.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:10:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:10:21 +0200 (CEST) Subject: SUSE-CU-2023:1694-1: Recommended update of suse/sle15 Message-ID: <20230601071021.6A980FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1694-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.774 Container Release : 6.2.774 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:12:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:12:37 +0200 (CEST) Subject: SUSE-CU-2023:1695-1: Recommended update of suse/sle15 Message-ID: <20230601071237.3DBDEFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1695-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.301 Container Release : 9.5.301 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:14:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:14:29 +0200 (CEST) Subject: SUSE-CU-2023:1696-1: Recommended update of suse/sle15 Message-ID: <20230601071429.58976FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1696-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.142 , suse/sle15:15.3 , suse/sle15:15.3.17.20.142 Container Release : 17.20.142 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:15:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:15:26 +0200 (CEST) Subject: SUSE-CU-2023:1697-1: Recommended update of suse/389-ds Message-ID: <20230601071526.AB84EFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1697-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.42 , suse/389-ds:latest Container Release : 21.42 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:16:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:16:26 +0200 (CEST) Subject: SUSE-CU-2023:1698-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230601071626.A1423FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1698-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.33 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.33 Container Release : 31.33 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:16:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:16:43 +0200 (CEST) Subject: SUSE-CU-2023:1699-1: Recommended update of bci/dotnet-aspnet Message-ID: <20230601071643.688B3FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1699-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.31 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.31 , bci/dotnet-aspnet:latest Container Release : 11.31 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:16:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:16:59 +0200 (CEST) Subject: SUSE-CU-2023:1700-1: Recommended update of suse/registry Message-ID: <20230601071659.C03B7FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1700-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-10.3 , suse/registry:latest Container Release : 10.3 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:18:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:18:10 +0200 (CEST) Subject: SUSE-CU-2023:1701-1: Recommended update of bci/dotnet-sdk Message-ID: <20230601071810.DDD0FFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1701-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.31 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.31 Container Release : 33.31 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:18:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:18:32 +0200 (CEST) Subject: SUSE-CU-2023:1702-1: Recommended update of bci/dotnet-sdk Message-ID: <20230601071832.169D9FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1702-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.3 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-12.3 , bci/dotnet-sdk:latest Container Release : 12.3 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:19:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:19:29 +0200 (CEST) Subject: SUSE-CU-2023:1703-1: Recommended update of bci/dotnet-runtime Message-ID: <20230601071929.0881BFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1703-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.31 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.31 Container Release : 30.31 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:19:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:19:43 +0200 (CEST) Subject: SUSE-CU-2023:1704-1: Recommended update of bci/dotnet-runtime Message-ID: <20230601071943.CB2BEFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1704-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.31 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.31 , bci/dotnet-runtime:latest Container Release : 11.31 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:19:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:19:56 +0200 (CEST) Subject: SUSE-CU-2023:1705-1: Recommended update of bci/golang Message-ID: <20230601071956.D0C3CFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1705-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.58 , bci/golang:latest Container Release : 2.58 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:20:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:20:51 +0200 (CEST) Subject: SUSE-CU-2023:1706-1: Recommended update of bci/bci-init Message-ID: <20230601072051.7DEA1FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1706-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.64 , bci/bci-init:latest Container Release : 26.64 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:21:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:21:10 +0200 (CEST) Subject: SUSE-CU-2023:1707-1: Recommended update of bci/bci-minimal Message-ID: <20230601072110.AA67BFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1707-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.19.6 , bci/bci-minimal:latest Container Release : 19.6 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 07:21:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:21:56 +0200 (CEST) Subject: SUSE-CU-2023:1708-1: Recommended update of bci/nodejs Message-ID: <20230601072156.79308FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1708-1 Container Tags : bci/node:16 , bci/node:16-15.62 , bci/nodejs:16 , bci/nodejs:16-15.62 Container Release : 15.62 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:22:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:22:13 +0200 (CEST) Subject: SUSE-CU-2023:1709-1: Recommended update of bci/nodejs Message-ID: <20230601072213.08D9EFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1709-1 Container Tags : bci/node:18 , bci/node:18-3.59 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.59 , bci/nodejs:latest Container Release : 3.59 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:23:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:23:09 +0200 (CEST) Subject: SUSE-CU-2023:1710-1: Recommended update of bci/openjdk Message-ID: <20230601072309.89B89FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1710-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.61 Container Release : 35.61 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:23:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:23:36 +0200 (CEST) Subject: SUSE-CU-2023:1711-1: Recommended update of bci/openjdk Message-ID: <20230601072336.B30A4FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1711-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.61 , bci/openjdk:latest Container Release : 13.61 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:24:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:24:45 +0200 (CEST) Subject: SUSE-CU-2023:1712-1: Recommended update of suse/pcp Message-ID: <20230601072445.A8470FC35@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1712-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.5 , suse/pcp:5.2 , suse/pcp:5.2-15.5 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.5 , suse/pcp:latest Container Release : 15.5 Severity : moderate Type : recommended References : 1210164 1210593 1210702 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - container:bci-bci-init-15.4-15.4-26.64 updated From sle-updates at lists.suse.com Thu Jun 1 07:24:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 09:24:56 +0200 (CEST) Subject: SUSE-CU-2023:1713-1: Recommended update of bci/php-apache Message-ID: <20230601072456.454ECFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1713-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.57 Container Release : 2.57 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 08:30:04 -0000 Subject: SUSE-RU-2023:2340-1: moderate: Recommended update for java-17-openjdk Message-ID: <168560820483.12921.16147581982472997103@smelt2.suse.de> # Recommended update for java-17-openjdk Announcement ID: SUSE-RU-2023:2340-1 Rating: moderate References: * #1210392 * #1211259 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for java-17-openjdk fixes the following issues: * In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather than 127 (SG#65673, bsc#1210392) * Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically * Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2340=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2340=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2340=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-17.0.7.0-150400.3.21.1 * java-17-openjdk-demo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debugsource-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-17.0.7.0-150400.3.21.1 * java-17-openjdk-jmods-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-17.0.7.0-150400.3.21.1 * java-17-openjdk-src-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-debuginfo-17.0.7.0-150400.3.21.1 * openSUSE Leap 15.4 (noarch) * java-17-openjdk-javadoc-17.0.7.0-150400.3.21.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-17.0.7.0-150400.3.21.1 * java-17-openjdk-demo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debugsource-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-debuginfo-17.0.7.0-150400.3.21.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-17-openjdk-17.0.7.0-150400.3.21.1 * java-17-openjdk-demo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-debugsource-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-debuginfo-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-17.0.7.0-150400.3.21.1 * java-17-openjdk-devel-17.0.7.0-150400.3.21.1 * java-17-openjdk-headless-debuginfo-17.0.7.0-150400.3.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210392 * https://bugzilla.suse.com/show_bug.cgi?id=1211259 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 08:30:06 -0000 Subject: SUSE-RU-2023:2339-1: moderate: Recommended update for cronie Message-ID: <168560820629.12921.8135878304962623001@smelt2.suse.de> # Recommended update for cronie Announcement ID: SUSE-RU-2023:2339-1 Rating: moderate References: * #1211066 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for cronie fixes the following issues: * Let systemd finish jobs executed by cron after it gets killed (bsc#1211066) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2339=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2339=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2339=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2339=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2339=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2339=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2339=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2339=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2339=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * cronie-1.4.11-59.22.1 * cronie-debugsource-1.4.11-59.22.1 * cron-4.2-59.22.1 * cronie-debuginfo-1.4.11-59.22.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211066 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 08:30:07 -0000 Subject: SUSE-RU-2023:2338-1: moderate: Recommended update for krb5 Message-ID: <168560820780.12921.5127385440759852943@smelt2.suse.de> # Recommended update for krb5 Announcement ID: SUSE-RU-2023:2338-1 Rating: moderate References: * #1211411 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for krb5 fixes the following issues: * Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix (bsc#1211411) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2338=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2338=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2338=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2338=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * krb5-devel-1.12.5-40.49.1 * krb5-debuginfo-1.12.5-40.49.1 * krb5-debugsource-1.12.5-40.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * krb5-client-debuginfo-1.12.5-40.49.1 * krb5-debugsource-1.12.5-40.49.1 * krb5-client-1.12.5-40.49.1 * krb5-server-debuginfo-1.12.5-40.49.1 * krb5-doc-1.12.5-40.49.1 * krb5-plugin-preauth-otp-1.12.5-40.49.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.49.1 * krb5-server-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.49.1 * krb5-debuginfo-1.12.5-40.49.1 * krb5-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-1.12.5-40.49.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * krb5-32bit-1.12.5-40.49.1 * krb5-debuginfo-32bit-1.12.5-40.49.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * krb5-client-debuginfo-1.12.5-40.49.1 * krb5-debugsource-1.12.5-40.49.1 * krb5-client-1.12.5-40.49.1 * krb5-server-debuginfo-1.12.5-40.49.1 * krb5-doc-1.12.5-40.49.1 * krb5-plugin-preauth-otp-1.12.5-40.49.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.49.1 * krb5-server-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.49.1 * krb5-debuginfo-1.12.5-40.49.1 * krb5-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-1.12.5-40.49.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * krb5-32bit-1.12.5-40.49.1 * krb5-debuginfo-32bit-1.12.5-40.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * krb5-client-debuginfo-1.12.5-40.49.1 * krb5-debugsource-1.12.5-40.49.1 * krb5-client-1.12.5-40.49.1 * krb5-server-debuginfo-1.12.5-40.49.1 * krb5-doc-1.12.5-40.49.1 * krb5-plugin-preauth-otp-1.12.5-40.49.1 * krb5-plugin-preauth-otp-debuginfo-1.12.5-40.49.1 * krb5-server-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-1.12.5-40.49.1 * krb5-plugin-preauth-pkinit-debuginfo-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-debuginfo-1.12.5-40.49.1 * krb5-debuginfo-1.12.5-40.49.1 * krb5-1.12.5-40.49.1 * krb5-plugin-kdb-ldap-1.12.5-40.49.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * krb5-32bit-1.12.5-40.49.1 * krb5-debuginfo-32bit-1.12.5-40.49.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 08:30:09 -0000 Subject: SUSE-RU-2023:2337-1: moderate: Recommended update for vte Message-ID: <168560820977.12921.12871796159502591746@smelt2.suse.de> # Recommended update for vte Announcement ID: SUSE-RU-2023:2337-1 Rating: moderate References: * #1209028 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for vte fixes the following issues: * Better compatibility with newer vim behavior (bsc#1209028) * Support gperf (bsc#1209028) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2337=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2337=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2337=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2337=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2337=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2337=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2337=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2337=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2337=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2337=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE OpenStack Cloud 9 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * vte-debugsource-0.44.2-9.3.1 * vte-devel-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * vte-lang-0.44.2-9.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * vte-debugsource-0.44.2-9.3.1 * typelib-1_0-Vte-2.91-0.44.2-9.3.1 * libvte-2_91-0-0.44.2-9.3.1 * libvte-2_91-0-debuginfo-0.44.2-9.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * vte-lang-0.44.2-9.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209028 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 08:30:11 -0000 Subject: SUSE-RU-2023:2336-1: moderate: Recommended update for lsvpd Message-ID: <168560821120.12921.14409247045564365199@smelt2.suse.de> # Recommended update for lsvpd Announcement ID: SUSE-RU-2023:2336-1 Rating: moderate References: * #1208122 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for lsvpd fixes the following issues: * Fix NVMe information parsing with newer firmware (bsc#1208122) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2336=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2336=1 ## Package List: * openSUSE Leap 15.4 (ppc64le) * lsvpd-1.7.14-150400.3.10.1 * lsvpd-debuginfo-1.7.14-150400.3.10.1 * lsvpd-debugsource-1.7.14-150400.3.10.1 * Basesystem Module 15-SP4 (ppc64le) * lsvpd-1.7.14-150400.3.10.1 * lsvpd-debuginfo-1.7.14-150400.3.10.1 * lsvpd-debugsource-1.7.14-150400.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208122 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 09:05:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:05:00 +0200 (CEST) Subject: SUSE-CU-2023:1714-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230601090500.D6CC3FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1714-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.141 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.141 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.65 updated From sle-updates at lists.suse.com Thu Jun 1 09:05:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:05:25 +0200 (CEST) Subject: SUSE-CU-2023:1715-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230601090525.10039FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1715-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.37 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.37 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.65 updated From sle-updates at lists.suse.com Thu Jun 1 09:06:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:06:07 +0200 (CEST) Subject: SUSE-CU-2023:1713-1: Recommended update of bci/php-apache Message-ID: <20230601090607.1312EFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1713-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.57 Container Release : 2.57 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:06:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:06:16 +0200 (CEST) Subject: SUSE-CU-2023:1716-1: Recommended update of bci/php-fpm Message-ID: <20230601090616.E0824FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1716-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.56 Container Release : 2.56 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:06:27 +0200 (CEST) Subject: SUSE-CU-2023:1717-1: Recommended update of bci/php Message-ID: <20230601090627.12FB4FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1717-1 Container Tags : bci/php:8 , bci/php:8-2.55 Container Release : 2.55 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:07:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:07:08 +0200 (CEST) Subject: SUSE-CU-2023:1718-1: Recommended update of bci/python Message-ID: <20230601090708.B47E2FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1718-1 Container Tags : bci/python:3 , bci/python:3-13.3 , bci/python:3.10 , bci/python:3.10-13.3 Container Release : 13.3 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:07:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:07:10 +0200 (CEST) Subject: SUSE-CU-2023:1719-1: Recommended update of bci/python Message-ID: <20230601090710.59EE9FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1719-1 Container Tags : bci/python:3 , bci/python:3-2.3 , bci/python:3.11 , bci/python:3.11-2.3 , bci/python:latest Container Release : 2.3 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:07:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:07:56 +0200 (CEST) Subject: SUSE-CU-2023:1720-1: Recommended update of bci/python Message-ID: <20230601090756.C93F7FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1720-1 Container Tags : bci/python:3 , bci/python:3-35.57 , bci/python:3.6 , bci/python:3.6-35.57 Container Release : 35.57 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:08:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:08:40 +0200 (CEST) Subject: SUSE-CU-2023:1721-1: Recommended update of bci/ruby Message-ID: <20230601090840.90FBBFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1721-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.54 , bci/ruby:2.5 , bci/ruby:2.5-34.54 , bci/ruby:latest Container Release : 34.54 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:08:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:08:46 +0200 (CEST) Subject: SUSE-CU-2023:1722-1: Recommended update of bci/rust Message-ID: <20230601090846.186CCFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1722-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-3.16 Container Release : 3.16 Severity : moderate Type : recommended References : 1210164 1210593 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:08:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:08:49 +0200 (CEST) Subject: SUSE-CU-2023:1723-1: Recommended update of bci/rust Message-ID: <20230601090849.337A5FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1723-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.14 , bci/rust:latest Container Release : 2.14 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated From sle-updates at lists.suse.com Thu Jun 1 09:08:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:08:50 +0200 (CEST) Subject: SUSE-CU-2023:1724-1: Recommended update of bci/rust Message-ID: <20230601090850.1AFE2FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1724-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.15 , bci/rust:latest Container Release : 2.15 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - container:sles15-image-15.0.0-27.14.64 updated From sle-updates at lists.suse.com Thu Jun 1 09:09:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 1 Jun 2023 11:09:24 +0200 (CEST) Subject: SUSE-CU-2023:1725-1: Recommended update of suse/sle15 Message-ID: <20230601090925.00371FCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1725-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.65 , suse/sle15:15.4 , suse/sle15:15.4.27.14.65 Container Release : 27.14.65 Severity : moderate Type : recommended References : 1210593 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated From sle-updates at lists.suse.com Thu Jun 1 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2345-1: low: Security update for ImageMagick Message-ID: <168562260269.10460.1059200492408101519@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:2345-1 Rating: low References: * #1211791 Cross-References: * CVE-2023-34151 CVSS scores: * CVE-2023-34151 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2345=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2345=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2345=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2345=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2345=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * ImageMagick-devel-6.8.8.1-71.189.1 * ImageMagick-config-6-upstream-6.8.8.1-71.189.1 * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.189.1 * libMagick++-devel-6.8.8.1-71.189.1 * perl-PerlMagick-6.8.8.1-71.189.1 * ImageMagick-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.189.1 * ImageMagick-6.8.8.1-71.189.1 * perl-PerlMagick-debuginfo-6.8.8.1-71.189.1 * libMagick++-6_Q16-3-6.8.8.1-71.189.1 * ImageMagick-debugsource-6.8.8.1-71.189.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libMagickWand-6_Q16-1-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-upstream-6.8.8.1-71.189.1 * ImageMagick-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-6.8.8.1-71.189.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-debugsource-6.8.8.1-71.189.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libMagickWand-6_Q16-1-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-upstream-6.8.8.1-71.189.1 * ImageMagick-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-6.8.8.1-71.189.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-debugsource-6.8.8.1-71.189.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libMagickWand-6_Q16-1-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-upstream-6.8.8.1-71.189.1 * ImageMagick-debuginfo-6.8.8.1-71.189.1 * ImageMagick-config-6-SUSE-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-6.8.8.1-71.189.1 * libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.189.1 * ImageMagick-debugsource-6.8.8.1-71.189.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.189.1 * ImageMagick-debuginfo-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-32bit-6.8.8.1-71.189.1 * ImageMagick-6.8.8.1-71.189.1 * libMagick++-6_Q16-3-6.8.8.1-71.189.1 * libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.189.1 * ImageMagick-debugsource-6.8.8.1-71.189.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34151.html * https://bugzilla.suse.com/show_bug.cgi?id=1211791 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2344-1: important: Security update for ImageMagick Message-ID: <168562260603.10460.15395799229697631909@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:2344-1 Rating: important References: * #1211791 * #1211792 Cross-References: * CVE-2023-34151 * CVE-2023-34153 CVSS scores: * CVE-2023-34151 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-34153 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). * CVE-2023-34153: Fixed a command injection issue when encoding or decoding VIDEO files (bsc#1211792). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2344=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2344=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2344=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2344=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2344=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2344=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * ImageMagick-devel-7.1.0.9-150400.6.21.1 * ImageMagick-extra-7.1.0.9-150400.6.21.1 * libMagick++-devel-7.1.0.9-150400.6.21.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-7.1.0.9-150400.6.21.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1 * perl-PerlMagick-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 * openSUSE Leap 15.4 (x86_64) * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.21.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.21.1 * openSUSE Leap 15.4 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.21.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * ImageMagick-devel-7.1.0.9-150400.6.21.1 * ImageMagick-extra-7.1.0.9-150400.6.21.1 * libMagick++-devel-7.1.0.9-150400.6.21.1 * ImageMagick-extra-debuginfo-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-7.1.0.9-150400.6.21.1 * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1 * perl-PerlMagick-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 * openSUSE Leap 15.5 (x86_64) * libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1 * libMagick++-devel-32bit-7.1.0.9-150400.6.21.1 * ImageMagick-devel-32bit-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.21.1 * openSUSE Leap 15.5 (noarch) * ImageMagick-doc-7.1.0.9-150400.6.21.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * ImageMagick-devel-7.1.0.9-150400.6.21.1 * libMagick++-devel-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.21.1 * ImageMagick-devel-7.1.0.9-150400.6.21.1 * libMagick++-devel-7.1.0.9-150400.6.21.1 * libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-SUSE-7.1.0.9-150400.6.21.1 * ImageMagick-config-7-upstream-7.1.0.9-150400.6.21.1 * libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.21.1 * libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * perl-PerlMagick-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-PerlMagick-debuginfo-7.1.0.9-150400.6.21.1 * ImageMagick-debugsource-7.1.0.9-150400.6.21.1 * perl-PerlMagick-7.1.0.9-150400.6.21.1 * ImageMagick-debuginfo-7.1.0.9-150400.6.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34151.html * https://www.suse.com/security/cve/CVE-2023-34153.html * https://bugzilla.suse.com/show_bug.cgi?id=1211791 * https://bugzilla.suse.com/show_bug.cgi?id=1211792 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 12:30:08 -0000 Subject: SUSE-SU-2023:2343-1: important: Security update for openssl-1_1 Message-ID: <168562260857.10460.3298574202684375202@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2343-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2343=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2343=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2343=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2343=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2343=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2343=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2343=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2343=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2343=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2343=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2343=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2343=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2343=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2343=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2343=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2343=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Manager Proxy 4.2 (x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Manager Server 4.2 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Enterprise Storage 7.1 (noarch) * openssl-1_1-doc-1.1.1d-150200.11.65.1 * SUSE Enterprise Storage 7.1 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Enterprise Storage 7 (x86_64) * libopenssl1_1-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-32bit-1.1.1d-150200.11.65.1 * libopenssl1_1-32bit-debuginfo-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debugsource-1.1.1d-150200.11.65.1 * openssl-1_1-1.1.1d-150200.11.65.1 * openssl-1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-debuginfo-1.1.1d-150200.11.65.1 * libopenssl1_1-hmac-1.1.1d-150200.11.65.1 * libopenssl-1_1-devel-1.1.1d-150200.11.65.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 12:30:10 -0000 Subject: SUSE-SU-2023:2342-1: important: Security update for openssl-1_1 Message-ID: <168562261086.10460.9353713327494937833@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2342-1 Rating: important References: * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2342=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2342=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2342=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2342=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2342=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2342=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2342=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * openSUSE Leap 15.4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.37.1 * libopenssl1_1-32bit-1.1.1l-150400.7.37.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.37.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.37.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1l-150400.7.37.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-debugsource-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-1.1.1l-150400.7.37.1 * libopenssl1_1-1.1.1l-150400.7.37.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.37.1 * openssl-1_1-1.1.1l-150400.7.37.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.37.1 * libopenssl1_1-32bit-1.1.1l-150400.7.37.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.37.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.37.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 12:30:13 -0000 Subject: SUSE-RU-2023:2341-1: moderate: Recommended update for libsigc++2 Message-ID: <168562261354.10460.8116296577545387583@smelt2.suse.de> # Recommended update for libsigc++2 Announcement ID: SUSE-RU-2023:2341-1 Rating: moderate References: * #1209094 * #1209140 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for libsigc++2 fixes the following issues: * Remove executable permission for file (bsc#1209094, bsc#1209140) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2341=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2341=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2341=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2341=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2341=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2341=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2341=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2341=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc++2-devel-2.10.7-150400.3.3.1 * atkmm1_6-debugsource-2.28.3-150400.4.6.1 * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libatkmm-1_6-1-debuginfo-2.28.3-150400.4.6.1 * atkmm1_6-devel-2.28.3-150400.4.6.1 * libatkmm-1_6-1-2.28.3-150400.4.6.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * atkmm1_6-devel-32bit-2.28.3-150400.4.6.1 * libatkmm-1_6-1-32bit-debuginfo-2.28.3-150400.4.6.1 * libatkmm-1_6-1-32bit-2.28.3-150400.4.6.1 * libsigc-2_0-0-32bit-2.10.7-150400.3.3.1 * libsigc-2_0-0-32bit-debuginfo-2.10.7-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libsigc++2-debugsource-2.10.7-150400.3.3.1 * libsigc-2_0-0-debuginfo-2.10.7-150400.3.3.1 * libsigc++2-devel-2.10.7-150400.3.3.1 * libsigc-2_0-0-2.10.7-150400.3.3.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libatkmm-1_6-1-debuginfo-2.28.3-150400.4.6.1 * libatkmm-1_6-1-2.28.3-150400.4.6.1 * atkmm1_6-devel-2.28.3-150400.4.6.1 * atkmm1_6-debugsource-2.28.3-150400.4.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209094 * https://bugzilla.suse.com/show_bug.cgi?id=1209140 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 16:30:01 -0000 Subject: SUSE-RU-2023:2352-1: moderate: Recommended update for kubernetes1.24 client Message-ID: <168563700140.20018.9845085689066026900@smelt2.suse.de> # Recommended update for kubernetes1.24 client Announcement ID: SUSE-RU-2023:2352-1 Rating: moderate References: Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for kubernetes1.24 client fixes the following issues: This update provides the kubernetes client in version 1.24. (jsc#PED-4120) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2352=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2352=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.13-150400.9.3.3 * kubernetes1.24-client-1.24.13-150400.9.3.3 * openSUSE Leap 15.4 (noarch) * kubernetes1.24-client-bash-completion-1.24.13-150400.9.3.3 * kubernetes1.24-client-fish-completion-1.24.13-150400.9.3.3 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.13-150400.9.3.3 * kubernetes1.24-client-1.24.13-150400.9.3.3 ## References: * https://jira.suse.com/browse/PED-4120 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2351-1: moderate: Security update for installation-images Message-ID: <168563700390.20018.11031642241517407341@smelt2.suse.de> # Security update for installation-images Announcement ID: SUSE-SU-2023:2351-1 Rating: moderate References: * #1209188 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has one fix can now be installed. ## Description: This update of installation-images fixes the following issues: * rebuild the package with the new secure boot key (bsc#1209188). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2351=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2351=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (noarch) * tftpboot-installation-SLE-Micro-5.2-s390x-16.56.14-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.2-aarch64-16.56.14-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.2-x86_64-16.56.14-150300.3.2.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * tftpboot-installation-SLE-Micro-5.2-s390x-16.56.14-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.2-aarch64-16.56.14-150300.3.2.1 * tftpboot-installation-SLE-Micro-5.2-x86_64-16.56.14-150300.3.2.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2347-1: important: Security update for cups Message-ID: <168563700636.20018.2226881035242073158@smelt2.suse.de> # Security update for cups Announcement ID: SUSE-SU-2023:2347-1 Rating: important References: * #1211643 Cross-References: * CVE-2023-32324 CVSS scores: * CVE-2023-32324 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for cups fixes the following issues: * CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2347=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2347=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2347=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2347=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2347=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2347=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2347=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2347=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2347=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2347=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2347=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2347=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2347=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2347=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2347=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2347=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2347=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2347=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2347=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2347=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2347=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2347=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2347=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2347=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2347=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2347=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2347=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2347=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2347=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2347=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * openSUSE Leap 15.4 (x86_64) * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-32bit-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-32bit-2.2.7-150000.3.43.1 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-32bit-2.2.7-150000.3.43.1 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupsimage2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.43.1 * cups-devel-32bit-2.2.7-150000.3.43.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * openSUSE Leap 15.5 (x86_64) * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-32bit-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-32bit-2.2.7-150000.3.43.1 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-32bit-2.2.7-150000.3.43.1 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupsimage2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.43.1 * cups-devel-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * Basesystem Module 15-SP4 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * Desktop Applications Module 15-SP5 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * cups-config-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Manager Proxy 4.2 (x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Manager Server 4.2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Enterprise Storage 7.1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * cups-config-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * SUSE Enterprise Storage 7 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * SUSE CaaS Platform 4.0 (x86_64) * cups-config-2.2.7-150000.3.43.1 * libcupscgi1-2.2.7-150000.3.43.1 * cups-ddk-2.2.7-150000.3.43.1 * libcupsmime1-debuginfo-2.2.7-150000.3.43.1 * libcups2-32bit-2.2.7-150000.3.43.1 * libcupscgi1-debuginfo-2.2.7-150000.3.43.1 * cups-2.2.7-150000.3.43.1 * libcupsimage2-debuginfo-2.2.7-150000.3.43.1 * cups-client-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-client-2.2.7-150000.3.43.1 * cups-devel-2.2.7-150000.3.43.1 * cups-ddk-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-2.2.7-150000.3.43.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.43.1 * libcupsmime1-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.43.1 * libcupsimage2-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * cups-config-2.2.7-150000.3.43.1 * libcups2-debuginfo-2.2.7-150000.3.43.1 * cups-debugsource-2.2.7-150000.3.43.1 * cups-debuginfo-2.2.7-150000.3.43.1 * libcups2-2.2.7-150000.3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32324.html * https://bugzilla.suse.com/show_bug.cgi?id=1211643 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 1 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 01 Jun 2023 16:30:09 -0000 Subject: SUSE-SU-2023:2346-1: important: Security update for cups Message-ID: <168563700942.20018.9125795788263906302@smelt2.suse.de> # Security update for cups Announcement ID: SUSE-SU-2023:2346-1 Rating: important References: * #1211643 Cross-References: * CVE-2023-32324 CVSS scores: * CVE-2023-32324 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for cups fixes the following issues: * CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2346=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2346=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2346=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2346=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2346=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2346=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2346=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2346=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2346=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2346=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * cups-debuginfo-1.7.5-20.39.1 * cups-devel-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-ddk-1.7.5-20.39.1 * cups-ddk-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * cups-libs-1.7.5-20.39.1 * cups-debuginfo-1.7.5-20.39.1 * cups-client-1.7.5-20.39.1 * cups-client-debuginfo-1.7.5-20.39.1 * cups-debugsource-1.7.5-20.39.1 * cups-1.7.5-20.39.1 * cups-libs-debuginfo-1.7.5-20.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * cups-libs-debuginfo-32bit-1.7.5-20.39.1 * cups-libs-32bit-1.7.5-20.39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32324.html * https://bugzilla.suse.com/show_bug.cgi?id=1211643 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 07:05:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:05:19 +0200 (CEST) Subject: SUSE-CU-2023:1727-1: Recommended update of suse/sles12sp4 Message-ID: <20230602070519.261FFFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1727-1 Container Tags : suse/sles12sp4:26.608 , suse/sles12sp4:latest Container Release : 26.608 Severity : moderate Type : recommended References : 1211411 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2338-1 Released: Thu Jun 1 09:45:35 2023 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1211411 This update for krb5 fixes the following issues: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix (bsc#1211411) The following package changes have been done: - base-container-licenses-3.0-1.352 updated - container-suseconnect-2.0.0-1.234 updated - krb5-1.12.5-40.49.1 updated From sle-updates at lists.suse.com Fri Jun 2 07:07:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:07:33 +0200 (CEST) Subject: SUSE-CU-2023:1728-1: Recommended update of suse/sles12sp5 Message-ID: <20230602070733.1A2BAFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1728-1 Container Tags : suse/sles12sp5:6.5.475 , suse/sles12sp5:latest Container Release : 6.5.475 Severity : moderate Type : recommended References : 1211411 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2338-1 Released: Thu Jun 1 09:45:35 2023 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1211411 This update for krb5 fixes the following issues: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix (bsc#1211411) The following package changes have been done: - krb5-1.12.5-40.49.1 updated From sle-updates at lists.suse.com Fri Jun 2 07:10:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:10:08 +0200 (CEST) Subject: SUSE-CU-2023:1729-1: Security update of suse/sle15 Message-ID: <20230602071008.81128FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1729-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.302 Container Release : 9.5.302 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated From sle-updates at lists.suse.com Fri Jun 2 07:10:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:10:56 +0200 (CEST) Subject: SUSE-CU-2023:1730-1: Security update of bci/golang Message-ID: <20230602071056.7DA41FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1730-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-22.60 Container Release : 22.60 Severity : important Type : security References : 1210593 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Fri Jun 2 07:11:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:11:10 +0200 (CEST) Subject: SUSE-CU-2023:1731-1: Security update of bci/golang Message-ID: <20230602071110.7DF55FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1731-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-2.59 , bci/golang:latest Container Release : 2.59 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Fri Jun 2 07:12:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:12:06 +0200 (CEST) Subject: SUSE-CU-2023:1732-1: Security update of bci/bci-init Message-ID: <20230602071206.44999FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1732-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.26.65 , bci/bci-init:latest Container Release : 26.65 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Fri Jun 2 07:12:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:12:53 +0200 (CEST) Subject: SUSE-CU-2023:1733-1: Security update of bci/nodejs Message-ID: <20230602071253.2817EFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1733-1 Container Tags : bci/node:16 , bci/node:16-15.63 , bci/nodejs:16 , bci/nodejs:16-15.63 Container Release : 15.63 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Fri Jun 2 07:13:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:13:10 +0200 (CEST) Subject: SUSE-CU-2023:1734-1: Security update of bci/nodejs Message-ID: <20230602071310.7089DFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1734-1 Container Tags : bci/node:18 , bci/node:18-3.60 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.60 , bci/nodejs:latest Container Release : 3.60 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Fri Jun 2 07:13:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 2 Jun 2023 09:13:55 +0200 (CEST) Subject: SUSE-CU-2023:1735-1: Security update of suse/sle15 Message-ID: <20230602071355.84F48FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1735-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.66 , suse/sle15:15.4 , suse/sle15:15.4.27.14.66 Container Release : 27.14.66 Severity : important Type : security References : 1209094 1209140 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated From sle-updates at lists.suse.com Fri Jun 2 08:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 08:30:01 -0000 Subject: SUSE-RU-2023:2353-1: moderate: Recommended update for librelp Message-ID: <168569460195.11986.10073987018120041686@smelt2.suse.de> # Recommended update for librelp Announcement ID: SUSE-RU-2023:2353-1 Rating: moderate References: * #1209660 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for librelp fixes the following issues: * suppress multiple open commands (bsc#1209660) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2353=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2353=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2353=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2353=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x) * librelp-devel-1.2.15-3.9.1 * librelp-debugsource-1.2.15-3.9.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * librelp0-debuginfo-1.2.15-3.9.1 * librelp0-1.2.15-3.9.1 * librelp-debugsource-1.2.15-3.9.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x) * librelp0-debuginfo-1.2.15-3.9.1 * librelp0-1.2.15-3.9.1 * librelp-debugsource-1.2.15-3.9.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * librelp0-debuginfo-1.2.15-3.9.1 * librelp0-1.2.15-3.9.1 * librelp-debugsource-1.2.15-3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209660 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2360-1: important: Security update for openvswitch Message-ID: <168570900366.12937.10697074099609019101@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2360-1 Rating: important References: * #1188524 * #1203865 * #1206580 * #1206581 Cross-References: * CVE-2021-36980 * CVE-2022-32166 * CVE-2022-4337 * CVE-2022-4338 CVSS scores: * CVE-2021-36980 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2021-36980 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2022-32166 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H * CVE-2022-32166 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4337 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4337 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4338 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-4338 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves four vulnerabilities can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580). * CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581). * CVE-2022-32166: Fixed a out of bounds read in minimask_equal() (bsc#1203865). * CVE-2021-36980: Fixed a use-after-free issue during the decoding of a RAW_ENCAP action (bsc#1188524). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2360=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2360=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2360=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2360=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2360=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * openvswitch-debugsource-2.8.10-4.33.1 * libopenvswitch-2_8-0-2.8.10-4.33.1 * openvswitch-2.8.10-4.33.1 * openvswitch-debuginfo-2.8.10-4.33.1 * libopenvswitch-2_8-0-debuginfo-2.8.10-4.33.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * openvswitch-debugsource-2.8.10-4.33.1 * libopenvswitch-2_8-0-2.8.10-4.33.1 * openvswitch-2.8.10-4.33.1 * openvswitch-debuginfo-2.8.10-4.33.1 * libopenvswitch-2_8-0-debuginfo-2.8.10-4.33.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * openvswitch-debugsource-2.8.10-4.33.1 * libopenvswitch-2_8-0-2.8.10-4.33.1 * openvswitch-2.8.10-4.33.1 * openvswitch-debuginfo-2.8.10-4.33.1 * libopenvswitch-2_8-0-debuginfo-2.8.10-4.33.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * openvswitch-debugsource-2.8.10-4.33.1 * libopenvswitch-2_8-0-2.8.10-4.33.1 * openvswitch-2.8.10-4.33.1 * openvswitch-debuginfo-2.8.10-4.33.1 * libopenvswitch-2_8-0-debuginfo-2.8.10-4.33.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * openvswitch-debugsource-2.8.10-4.33.1 * libopenvswitch-2_8-0-2.8.10-4.33.1 * openvswitch-2.8.10-4.33.1 * openvswitch-debuginfo-2.8.10-4.33.1 * libopenvswitch-2_8-0-debuginfo-2.8.10-4.33.1 ## References: * https://www.suse.com/security/cve/CVE-2021-36980.html * https://www.suse.com/security/cve/CVE-2022-32166.html * https://www.suse.com/security/cve/CVE-2022-4337.html * https://www.suse.com/security/cve/CVE-2022-4338.html * https://bugzilla.suse.com/show_bug.cgi?id=1188524 * https://bugzilla.suse.com/show_bug.cgi?id=1203865 * https://bugzilla.suse.com/show_bug.cgi?id=1206580 * https://bugzilla.suse.com/show_bug.cgi?id=1206581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:07 -0000 Subject: SUSE-SU-2023:2358-1: important: Security update for qemu Message-ID: <168570900758.12937.8390270056652145312@smelt2.suse.de> # Security update for qemu Announcement ID: SUSE-SU-2023:2358-1 Rating: important References: * #1187529 * #1192463 * #1193621 * #1193880 * #1198035 * #1198037 * #1198038 Cross-References: * CVE-2021-3929 * CVE-2021-4206 * CVE-2021-4207 * CVE-2022-0216 CVSS scores: * CVE-2021-3929 ( SUSE ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-3929 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4206 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4206 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4207 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2021-4207 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H * CVE-2022-0216 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H * CVE-2022-0216 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 An update that solves four vulnerabilities and has three fixes can now be installed. ## Description: This update for qemu fixes the following issues: * CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout() in hw/scsi/lsi53c895a.c (bsc#1198038). * CVE-2021-3929: Fixed use-after-free in nvme, caused by DMA reentrancy issue (bsc#1193880). * CVE-2021-4207: Fixed heap buffer overflow caused by double fetch in qxl_cursor() (bsc#1198037). * CVE-2021-4206: Fixed integer overflow in cursor_alloc() (bsc#1198035). * Amend .changes file: avoid declaring a still unfixed CVE, as fixed (bsc#1187529) * Fix the build breaks caused by binutils update (bsc#1192463, bsc#1193621) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2358=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * qemu-tools-2.6.2-41.76.1 * qemu-x86-2.6.2-41.76.1 * qemu-block-rbd-2.6.2-41.76.1 * qemu-guest-agent-2.6.2-41.76.1 * qemu-lang-2.6.2-41.76.1 * qemu-x86-debuginfo-2.6.2-41.76.1 * qemu-guest-agent-debuginfo-2.6.2-41.76.1 * qemu-block-curl-2.6.2-41.76.1 * qemu-tools-debuginfo-2.6.2-41.76.1 * qemu-block-curl-debuginfo-2.6.2-41.76.1 * qemu-kvm-2.6.2-41.76.1 * qemu-2.6.2-41.76.1 * qemu-block-ssh-debuginfo-2.6.2-41.76.1 * qemu-debugsource-2.6.2-41.76.1 * qemu-block-rbd-debuginfo-2.6.2-41.76.1 * qemu-block-ssh-2.6.2-41.76.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * qemu-sgabios-8-41.76.1 * qemu-ipxe-1.0.0-41.76.1 * qemu-seabios-1.9.1_0_gb3ef39f-41.76.1 * qemu-vgabios-1.9.1_0_gb3ef39f-41.76.1 ## References: * https://www.suse.com/security/cve/CVE-2021-3929.html * https://www.suse.com/security/cve/CVE-2021-4206.html * https://www.suse.com/security/cve/CVE-2021-4207.html * https://www.suse.com/security/cve/CVE-2022-0216.html * https://bugzilla.suse.com/show_bug.cgi?id=1187529 * https://bugzilla.suse.com/show_bug.cgi?id=1192463 * https://bugzilla.suse.com/show_bug.cgi?id=1193621 * https://bugzilla.suse.com/show_bug.cgi?id=1193880 * https://bugzilla.suse.com/show_bug.cgi?id=1198035 * https://bugzilla.suse.com/show_bug.cgi?id=1198037 * https://bugzilla.suse.com/show_bug.cgi?id=1198038 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2357-1: low: Security update for ImageMagick Message-ID: <168570900923.12937.11386570908430907295@smelt2.suse.de> # Security update for ImageMagick Announcement ID: SUSE-SU-2023:2357-1 Rating: low References: * #1211791 Cross-References: * CVE-2023-34151 CVSS scores: * CVE-2023-34151 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for ImageMagick fixes the following issues: * CVE-2023-34151: Fixed an undefined behavior issue due to floating point truncation (bsc#1211791). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2357=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2357=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.48.1 * libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.48.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.48.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.48.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.48.1 * ImageMagick-config-7-upstream-7.0.7.34-150200.10.48.1 * ImageMagick-config-7-SUSE-7.0.7.34-150200.10.48.1 * ImageMagick-debuginfo-7.0.7.34-150200.10.48.1 * libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.48.1 * ImageMagick-debugsource-7.0.7.34-150200.10.48.1 * libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.48.1 * perl-PerlMagick-7.0.7.34-150200.10.48.1 * ImageMagick-devel-7.0.7.34-150200.10.48.1 * ImageMagick-7.0.7.34-150200.10.48.1 * perl-PerlMagick-debuginfo-7.0.7.34-150200.10.48.1 * libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.48.1 * libMagick++-devel-7.0.7.34-150200.10.48.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34151.html * https://bugzilla.suse.com/show_bug.cgi?id=1211791 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:12 -0000 Subject: SUSE-SU-2023:2356-1: moderate: Security update for libvirt Message-ID: <168570901275.12937.1948205430420763621@smelt2.suse.de> # Security update for libvirt Announcement ID: SUSE-SU-2023:2356-1 Rating: moderate References: * #1183247 * #1199583 * #1208567 * #1209861 * #1211390 Cross-References: * CVE-2023-2700 CVSS scores: * CVE-2023-2700 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2700 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has four fixes can now be installed. ## Description: This update for libvirt fixes the following issues: * CVE-2023-2700: Fixed a memory leak that could be triggered by repeatedly querying an SR-IOV PCI device's capabilities (bsc#1211390). Non-security fixes: * Fixed a potential crash during driver cleanup (bsc#1209861). * Added Apparmor support for SUSE edk2 firmware paths (boo#1208567). * Fixed lxc container initialization with systemd and hybrid groups (boo#1183247). * Added the option to specify the virtual CPU address size in bits for qemu (bsc#1199583). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2356=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2356=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2356=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2356=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2356=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2356=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2356=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2356=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libvirt-8.0.0-150400.7.6.1 * libvirt-daemon-config-network-8.0.0-150400.7.6.1 * wireshark-plugin-libvirt-8.0.0-150400.7.6.1 * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-config-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-lxc-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-devel-8.0.0-150400.7.6.1 * wireshark-plugin-libvirt-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-nss-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-nss-8.0.0-150400.7.6.1 * libvirt-lock-sanlock-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-lock-sanlock-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-lxc-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-gluster-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-hooks-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-gluster-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-lxc-debuginfo-8.0.0-150400.7.6.1 * openSUSE Leap 15.4 (x86_64) * libvirt-client-32bit-debuginfo-8.0.0-150400.7.6.1 * libvirt-devel-32bit-8.0.0-150400.7.6.1 * libvirt-daemon-xen-8.0.0-150400.7.6.1 * libvirt-daemon-driver-libxl-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-libxl-8.0.0-150400.7.6.1 * openSUSE Leap 15.4 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * openSUSE Leap 15.4 (noarch) * libvirt-doc-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libvirt-libs-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-libs-debuginfo-8.0.0-150400.7.6.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libvirt-8.0.0-150400.7.6.1 * libvirt-daemon-config-network-8.0.0-150400.7.6.1 * libvirt-client-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-config-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-qemu-8.0.0-150400.7.6.1 * libvirt-devel-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nodedev-debuginfo-8.0.0-150400.7.6.1 * libvirt-nss-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-debuginfo-8.0.0-150400.7.6.1 * libvirt-nss-8.0.0-150400.7.6.1 * libvirt-lock-sanlock-8.0.0-150400.7.6.1 * libvirt-daemon-driver-secret-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-disk-debuginfo-8.0.0-150400.7.6.1 * libvirt-client-8.0.0-150400.7.6.1 * libvirt-daemon-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-8.0.0-150400.7.6.1 * libvirt-lock-sanlock-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-interface-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-debuginfo-8.0.0-150400.7.6.1 * libvirt-debugsource-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-logical-8.0.0-150400.7.6.1 * libvirt-daemon-driver-network-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-nwfilter-8.0.0-150400.7.6.1 * libvirt-daemon-hooks-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-mpath-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-core-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-scsi-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-qemu-debuginfo-8.0.0-150400.7.6.1 * Server Applications Module 15-SP4 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-storage-rbd-8.0.0-150400.7.6.1 * Server Applications Module 15-SP4 (noarch) * libvirt-doc-8.0.0-150400.7.6.1 * Server Applications Module 15-SP4 (x86_64) * libvirt-daemon-xen-8.0.0-150400.7.6.1 * libvirt-daemon-driver-libxl-debuginfo-8.0.0-150400.7.6.1 * libvirt-daemon-driver-libxl-8.0.0-150400.7.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2700.html * https://bugzilla.suse.com/show_bug.cgi?id=1183247 * https://bugzilla.suse.com/show_bug.cgi?id=1199583 * https://bugzilla.suse.com/show_bug.cgi?id=1208567 * https://bugzilla.suse.com/show_bug.cgi?id=1209861 * https://bugzilla.suse.com/show_bug.cgi?id=1211390 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:15 -0000 Subject: SUSE-RU-2023:2355-1: moderate: Recommended update for librelp Message-ID: <168570901546.12937.3976003027121577546@smelt2.suse.de> # Recommended update for librelp Announcement ID: SUSE-RU-2023:2355-1 Rating: moderate References: * #1210649 Affected Products: * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for librelp fixes the following issues: * update to librelp 1.11.0 (bsc#1210649) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2355=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2355=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2355=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * librelp0-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210649 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 12:30:17 -0000 Subject: SUSE-RU-2023:2354-1: low: Recommended update for yast2-transfer Message-ID: <168570901740.12937.3072351994206768056@smelt2.suse.de> # Recommended update for yast2-transfer Announcement ID: SUSE-RU-2023:2354-1 Rating: low References: * #1208754 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-transfer fixes the following issues * Fixed TFTP download, truncate the target file to avoid garbage at the end of the file when saving to an already existing file (bsc#1208754) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2354=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2354=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2354=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * yast2-transfer-debuginfo-4.4.2-150400.3.3.2 * yast2-transfer-4.4.2-150400.3.3.2 * yast2-transfer-debugsource-4.4.2-150400.3.3.2 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Manager Retail Branch Server 4.3 (x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * SUSE Manager Proxy 4.3 (x86_64) * yast2-transfer-4.4.2-150400.3.3.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * yast2-transfer-debuginfo-4.4.2-150400.3.3.2 * yast2-transfer-4.4.2-150400.3.3.2 * yast2-transfer-debugsource-4.4.2-150400.3.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208754 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 2 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 02 Jun 2023 16:30:02 -0000 Subject: SUSE-RU-2023:2361-1: moderate: Recommended update for smartmontools Message-ID: <168572340233.30159.13942758569521978775@smelt2.suse.de> # Recommended update for smartmontools Announcement ID: SUSE-RU-2023:2361-1 Rating: moderate References: * #1095662 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for smartmontools fixes the following issue: * Fix smartd.service EnvironmentFile (bsc#1095662). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2361=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2361=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2361=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * smartmontools-debugsource-6.6-150000.5.3.1 * smartmontools-debuginfo-6.6-150000.5.3.1 * smartmontools-6.6-150000.5.3.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * smartmontools-debugsource-6.6-150000.5.3.1 * smartmontools-debuginfo-6.6-150000.5.3.1 * smartmontools-6.6-150000.5.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * smartmontools-debugsource-6.6-150000.5.3.1 * smartmontools-debuginfo-6.6-150000.5.3.1 * smartmontools-6.6-150000.5.3.1 * SUSE CaaS Platform 4.0 (x86_64) * smartmontools-debugsource-6.6-150000.5.3.1 * smartmontools-debuginfo-6.6-150000.5.3.1 * smartmontools-6.6-150000.5.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1095662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Jun 3 07:06:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:06:37 +0200 (CEST) Subject: SUSE-CU-2023:1753-1: Security update of suse/sle15 Message-ID: <20230603070637.9732FFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1753-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.143 , suse/sle15:15.3 , suse/sle15:15.3.17.20.143 Container Release : 17.20.143 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated From sle-updates at lists.suse.com Sat Jun 3 07:07:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:07:33 +0200 (CEST) Subject: SUSE-CU-2023:1754-1: Security update of suse/389-ds Message-ID: <20230603070733.177B7FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1754-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-21.43 , suse/389-ds:latest Container Release : 21.43 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:08:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:08:31 +0200 (CEST) Subject: SUSE-CU-2023:1755-1: Security update of bci/dotnet-aspnet Message-ID: <20230603070831.A9981FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1755-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-31.34 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-31.34 Container Release : 31.34 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:08:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:08:49 +0200 (CEST) Subject: SUSE-CU-2023:1756-1: Security update of bci/dotnet-aspnet Message-ID: <20230603070849.1B900FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1756-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-11.32 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-11.32 , bci/dotnet-aspnet:latest Container Release : 11.32 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:09:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:09:05 +0200 (CEST) Subject: SUSE-CU-2023:1757-1: Security update of suse/registry Message-ID: <20230603070905.69722FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1757-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-10.4 , suse/registry:latest Container Release : 10.4 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated From sle-updates at lists.suse.com Sat Jun 3 07:10:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:10:15 +0200 (CEST) Subject: SUSE-CU-2023:1758-1: Security update of bci/dotnet-sdk Message-ID: <20230603071015.6DD8CFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1758-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-33.32 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-33.32 Container Release : 33.32 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:10:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:10:38 +0200 (CEST) Subject: SUSE-CU-2023:1759-1: Security update of bci/dotnet-sdk Message-ID: <20230603071038.6CD46FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1759-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-12.4 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-12.4 , bci/dotnet-sdk:latest Container Release : 12.4 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:11:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:11:37 +0200 (CEST) Subject: SUSE-CU-2023:1760-1: Security update of bci/dotnet-runtime Message-ID: <20230603071137.38A1BFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1760-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-30.32 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-30.32 Container Release : 30.32 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:11:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:11:53 +0200 (CEST) Subject: SUSE-CU-2023:1761-1: Security update of bci/dotnet-runtime Message-ID: <20230603071153.11552FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1761-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-11.32 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-11.32 , bci/dotnet-runtime:latest Container Release : 11.32 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:12:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:12:49 +0200 (CEST) Subject: SUSE-CU-2023:1762-1: Security update of bci/openjdk Message-ID: <20230603071249.84F0EFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1762-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-35.62 Container Release : 35.62 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:13:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:13:17 +0200 (CEST) Subject: SUSE-CU-2023:1763-1: Security update of bci/openjdk Message-ID: <20230603071317.42AF3FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1763-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-13.63 , bci/openjdk:latest Container Release : 13.63 Severity : important Type : security References : 1210392 1211259 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2340-1 Released: Thu Jun 1 09:46:52 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1210392,1211259 This update for java-17-openjdk fixes the following issues: - In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather than 127 (SG#65673, bsc#1210392) - Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically - Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.21.1 updated - java-17-openjdk-17.0.7.0-150400.3.21.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:14:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:14:28 +0200 (CEST) Subject: SUSE-CU-2023:1764-1: Security update of suse/pcp Message-ID: <20230603071428.BBC96FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1764-1 Container Tags : suse/pcp:5 , suse/pcp:5-15.7 , suse/pcp:5.2 , suse/pcp:5.2-15.7 , suse/pcp:5.2.5 , suse/pcp:5.2.5-15.7 , suse/pcp:latest Container Release : 15.7 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:bci-bci-init-15.4-15.4-26.65 updated From sle-updates at lists.suse.com Sat Jun 3 07:14:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:14:40 +0200 (CEST) Subject: SUSE-CU-2023:1765-1: Security update of bci/php-apache Message-ID: <20230603071440.17233FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1765-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-2.58 Container Release : 2.58 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:14:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:14:52 +0200 (CEST) Subject: SUSE-CU-2023:1766-1: Security update of bci/php-fpm Message-ID: <20230603071452.67904FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1766-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-2.57 Container Release : 2.57 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:15:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:15:05 +0200 (CEST) Subject: SUSE-CU-2023:1767-1: Security update of bci/php Message-ID: <20230603071505.B1BE2FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1767-1 Container Tags : bci/php:8 , bci/php:8-2.56 Container Release : 2.56 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:15:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:15:55 +0200 (CEST) Subject: SUSE-CU-2023:1768-1: Security update of bci/python Message-ID: <20230603071555.403E1FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1768-1 Container Tags : bci/python:3 , bci/python:3-13.4 , bci/python:3.10 , bci/python:3.10-13.4 Container Release : 13.4 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:15:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:15:57 +0200 (CEST) Subject: SUSE-CU-2023:1769-1: Security update of bci/python Message-ID: <20230603071557.A80A9FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1769-1 Container Tags : bci/python:3 , bci/python:3-2.4 , bci/python:3.11 , bci/python:3.11-2.4 , bci/python:latest Container Release : 2.4 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:16:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:16:54 +0200 (CEST) Subject: SUSE-CU-2023:1770-1: Security update of bci/python Message-ID: <20230603071654.5B8A9FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1770-1 Container Tags : bci/python:3 , bci/python:3-35.58 , bci/python:3.6 , bci/python:3.6-35.58 Container Release : 35.58 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:17:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:17:47 +0200 (CEST) Subject: SUSE-CU-2023:1771-1: Security update of bci/ruby Message-ID: <20230603071747.E2EBDFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1771-1 Container Tags : bci/ruby:2 , bci/ruby:2-34.55 , bci/ruby:2.5 , bci/ruby:2.5-34.55 , bci/ruby:latest Container Release : 34.55 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:17:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:17:55 +0200 (CEST) Subject: SUSE-CU-2023:1772-1: Security update of bci/rust Message-ID: <20230603071755.7850CFCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1772-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-3.17 Container Release : 3.17 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sat Jun 3 07:18:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 3 Jun 2023 09:18:00 +0200 (CEST) Subject: SUSE-CU-2023:1773-1: Security update of bci/rust Message-ID: <20230603071800.EA4F4FCC9@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1773-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.16 , bci/rust:latest Container Release : 2.16 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sun Jun 4 07:03:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 4 Jun 2023 09:03:10 +0200 (CEST) Subject: SUSE-CU-2023:1774-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230604070310.DE9D5FCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1774-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.143 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.143 Severity : important Type : security References : 1209094 1209140 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sun Jun 4 07:03:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 4 Jun 2023 09:03:34 +0200 (CEST) Subject: SUSE-CU-2023:1775-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230604070334.9846DFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1775-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.39 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.39 Severity : important Type : security References : 1209094 1209140 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sun Jun 4 07:04:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 4 Jun 2023 09:04:14 +0200 (CEST) Subject: SUSE-CU-2023:1773-1: Security update of bci/rust Message-ID: <20230604070414.62847FCF4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1773-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.16 , bci/rust:latest Container Release : 2.16 Severity : important Type : security References : 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Sun Jun 4 07:05:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 4 Jun 2023 09:05:11 +0200 (CEST) Subject: SUSE-CU-2023:1777-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230604070511.5ED8EFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1777-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.401 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.401 Severity : important Type : security References : 1210593 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libz1-1.2.11-150000.3.45.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - container:sles15-image-15.0.0-17.20.143 updated From sle-updates at lists.suse.com Sun Jun 4 07:06:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 4 Jun 2023 09:06:54 +0200 (CEST) Subject: SUSE-CU-2023:1779-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230604070654.0A08EFCF4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1779-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.223 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.223 Severity : important Type : security References : 1210593 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libz1-1.2.11-150000.3.45.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - container:sles15-image-15.0.0-17.20.143 updated From sle-updates at lists.suse.com Mon Jun 5 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2376-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) Message-ID: <168595380366.10366.15428829964272068574@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 31 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2376-1 Rating: important References: * #1207188 * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_114 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2376=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-2375=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-2374=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-2373=1 SUSE-SLE-Module-Live-Patching-15-SP1-2023-2372=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-5-150100.2.2 * kernel-livepatch-4_12_14-150100_197_117-default-10-150100.2.2 * kernel-livepatch-4_12_14-150100_197_120-default-10-150100.2.2 * kernel-livepatch-4_12_14-150100_197_137-default-2-150100.2.2 * kernel-livepatch-4_12_14-150100_197_114-default-12-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:06 -0000 Subject: SUSE-SU-2023:2371-1: important: Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Message-ID: <168595380697.10366.17354775628661517036@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2371-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_5 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2371=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-2370=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_5-rt-debuginfo-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-5-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_1-debugsource-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_5-rt-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-5-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-5-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:10 -0000 Subject: SUSE-SU-2023:2369-1: important: Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Message-ID: <168595381031.10366.7878998243967913579@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2369-1 Rating: important References: * #1207188 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_18 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2369=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_18-rt-3-150400.2.2 * kernel-livepatch-5_14_21-150400_15_18-rt-debuginfo-3-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_5-debugsource-3-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:12 -0000 Subject: SUSE-SU-2023:2368-1: important: Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP4) Message-ID: <168595381269.10366.3691412295736325205@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 6 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2368-1 Rating: important References: * #1207188 * #1210499 * #1210662 Cross-References: * CVE-2023-0386 * CVE-2023-2162 * CVE-2023-23454 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_23 fixes several issues. The following security issues were fixed: * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2368=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_6-debugsource-2-150400.2.2 * kernel-livepatch-5_14_21-150400_15_23-rt-2-150400.2.2 * kernel-livepatch-5_14_21-150400_15_23-rt-debuginfo-2-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:14 -0000 Subject: SUSE-SU-2023:2367-1: important: Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4) Message-ID: <168595381431.10366.7742938605041886185@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 7 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2367-1 Rating: important References: * #1207188 Cross-References: * CVE-2023-23454 CVSS scores: * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_28 fixes one issue. The following security issue was fixed: * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2367=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_28-rt-2-150400.2.2 * kernel-livepatch-5_14_21-150400_15_28-rt-debuginfo-2-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_7-debugsource-2-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:24 -0000 Subject: SUSE-RU-2023:2366-1: moderate: Recommended update for xen Message-ID: <168595382421.10366.2806036478612114392@smelt2.suse.de> # Recommended update for xen Announcement ID: SUSE-RU-2023:2366-1 Rating: moderate References: * #1027519 * #1209237 * #1209245 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has three recommended fixes can now be installed. ## Description: This update for xen fixes the following issues: * Added debug-info to xen-syms (bsc#1209237) * Update to Xen 4.16.4 bug fix release (bsc#1027519) * Added upstream bug fixes (bsc#1027519) * Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) * Drop patches contained in new tarball and switch to upstream backports for some patches ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2366=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2366=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2366=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2366=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2366=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2366=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2366=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2366=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * openSUSE Leap 15.4 (aarch64 x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-tools-4.16.4_02-150400.4.28.1 * xen-doc-html-4.16.4_02-150400.4.28.1 * xen-tools-domU-4.16.4_02-150400.4.28.1 * xen-tools-domU-debuginfo-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * xen-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-tools-debuginfo-4.16.4_02-150400.4.28.1 * xen-devel-4.16.4_02-150400.4.28.1 * openSUSE Leap 15.4 (x86_64) * xen-libs-32bit-debuginfo-4.16.4_02-150400.4.28.1 * xen-libs-32bit-4.16.4_02-150400.4.28.1 * openSUSE Leap 15.4 (noarch) * xen-tools-xendomains-wait-disk-4.16.4_02-150400.4.28.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * Basesystem Module 15-SP4 (x86_64) * xen-libs-4.16.4_02-150400.4.28.1 * xen-tools-domU-debuginfo-4.16.4_02-150400.4.28.1 * xen-libs-debuginfo-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-tools-domU-4.16.4_02-150400.4.28.1 * Server Applications Module 15-SP4 (x86_64) * xen-tools-4.16.4_02-150400.4.28.1 * xen-4.16.4_02-150400.4.28.1 * xen-debugsource-4.16.4_02-150400.4.28.1 * xen-tools-debuginfo-4.16.4_02-150400.4.28.1 * xen-devel-4.16.4_02-150400.4.28.1 * Server Applications Module 15-SP4 (noarch) * xen-tools-xendomains-wait-disk-4.16.4_02-150400.4.28.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1209237 * https://bugzilla.suse.com/show_bug.cgi?id=1209245 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:25 -0000 Subject: SUSE-RU-2023:2365-1: moderate: Recommended update for util-linux Message-ID: <168595382584.10366.14025596925938460699@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2365-1 Rating: moderate References: * #1210164 Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issues: * Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2365=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2365=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2365=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2365=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libuuid1-2.36.2-150300.4.35.1 * libfdisk-devel-2.36.2-150300.4.35.1 * uuidd-2.36.2-150300.4.35.1 * libblkid-devel-2.36.2-150300.4.35.1 * libmount1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-32bit-2.36.2-150300.4.35.1 * libmount1-32bit-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libblkid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libuuid1-32bit-debuginfo-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libmount-devel-2.36.2-150300.4.35.1 * libblkid-devel-static-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * libuuid-devel-static-2.36.2-150300.4.35.1 * uuidd-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * util-linux-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libuuid-devel-2.36.2-150300.4.35.1 * libsmartcols-devel-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libuuid1-32bit-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * util-linux-lang-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * util-linux-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * util-linux-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * util-linux-debuginfo-2.36.2-150300.4.35.1 * util-linux-systemd-debuginfo-2.36.2-150300.4.35.1 * libuuid1-2.36.2-150300.4.35.1 * util-linux-systemd-debugsource-2.36.2-150300.4.35.1 * libmount1-2.36.2-150300.4.35.1 * util-linux-systemd-2.36.2-150300.4.35.1 * libfdisk1-2.36.2-150300.4.35.1 * util-linux-2.36.2-150300.4.35.1 * libuuid1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-2.36.2-150300.4.35.1 * libfdisk1-debuginfo-2.36.2-150300.4.35.1 * libblkid1-debuginfo-2.36.2-150300.4.35.1 * libmount1-debuginfo-2.36.2-150300.4.35.1 * libsmartcols1-2.36.2-150300.4.35.1 * util-linux-debugsource-2.36.2-150300.4.35.1 * libsmartcols1-debuginfo-2.36.2-150300.4.35.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:28 -0000 Subject: SUSE-RU-2023:2364-1: moderate: Recommended update for util-linux Message-ID: <168595382848.10366.3784958188767262732@smelt2.suse.de> # Recommended update for util-linux Announcement ID: SUSE-RU-2023:2364-1 Rating: moderate References: * #1210164 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that has one recommended fix can now be installed. ## Description: This update for util-linux fixes the following issues: * Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2364=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2364=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2364=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2364=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2364=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * util-linux-debuginfo-2.33.2-4.30.1 * libuuid-devel-2.33.2-4.30.1 * libmount-devel-2.33.2-4.30.1 * util-linux-debugsource-2.33.2-4.30.1 * libsmartcols-devel-2.33.2-4.30.1 * libblkid-devel-2.33.2-4.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * util-linux-systemd-2.33.2-4.30.1 * util-linux-2.33.2-4.30.1 * util-linux-systemd-debuginfo-2.33.2-4.30.1 * libuuid1-debuginfo-2.33.2-4.30.1 * uuidd-debuginfo-2.33.2-4.30.1 * libmount1-2.33.2-4.30.1 * libblkid1-2.33.2-4.30.1 * python-libmount-debuginfo-2.33.2-4.30.1 * libsmartcols1-debuginfo-2.33.2-4.30.1 * python-libmount-2.33.2-4.30.1 * libsmartcols1-2.33.2-4.30.1 * util-linux-debugsource-2.33.2-4.30.1 * util-linux-systemd-debugsource-2.33.2-4.30.1 * libuuid1-2.33.2-4.30.1 * python-libmount-debugsource-2.33.2-4.30.1 * libblkid1-debuginfo-2.33.2-4.30.1 * util-linux-debuginfo-2.33.2-4.30.1 * libfdisk1-2.33.2-4.30.1 * libfdisk1-debuginfo-2.33.2-4.30.1 * uuidd-2.33.2-4.30.1 * libmount1-debuginfo-2.33.2-4.30.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * util-linux-lang-2.33.2-4.30.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libblkid1-32bit-2.33.2-4.30.1 * libblkid1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-32bit-2.33.2-4.30.1 * libmount1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-debuginfo-32bit-2.33.2-4.30.1 * libmount1-32bit-2.33.2-4.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * util-linux-systemd-2.33.2-4.30.1 * util-linux-2.33.2-4.30.1 * util-linux-systemd-debuginfo-2.33.2-4.30.1 * libuuid1-debuginfo-2.33.2-4.30.1 * uuidd-debuginfo-2.33.2-4.30.1 * libmount1-2.33.2-4.30.1 * libblkid1-2.33.2-4.30.1 * python-libmount-debuginfo-2.33.2-4.30.1 * libsmartcols1-debuginfo-2.33.2-4.30.1 * python-libmount-2.33.2-4.30.1 * libsmartcols1-2.33.2-4.30.1 * util-linux-debugsource-2.33.2-4.30.1 * util-linux-systemd-debugsource-2.33.2-4.30.1 * libuuid1-2.33.2-4.30.1 * python-libmount-debugsource-2.33.2-4.30.1 * libblkid1-debuginfo-2.33.2-4.30.1 * util-linux-debuginfo-2.33.2-4.30.1 * libfdisk1-2.33.2-4.30.1 * libfdisk1-debuginfo-2.33.2-4.30.1 * uuidd-2.33.2-4.30.1 * libmount1-debuginfo-2.33.2-4.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * util-linux-lang-2.33.2-4.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libblkid1-32bit-2.33.2-4.30.1 * libblkid1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-32bit-2.33.2-4.30.1 * libmount1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-debuginfo-32bit-2.33.2-4.30.1 * libmount1-32bit-2.33.2-4.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * util-linux-systemd-2.33.2-4.30.1 * util-linux-2.33.2-4.30.1 * util-linux-systemd-debuginfo-2.33.2-4.30.1 * libuuid1-debuginfo-2.33.2-4.30.1 * uuidd-debuginfo-2.33.2-4.30.1 * libmount1-2.33.2-4.30.1 * libblkid1-2.33.2-4.30.1 * python-libmount-debuginfo-2.33.2-4.30.1 * libsmartcols1-debuginfo-2.33.2-4.30.1 * python-libmount-2.33.2-4.30.1 * libsmartcols1-2.33.2-4.30.1 * util-linux-debugsource-2.33.2-4.30.1 * util-linux-systemd-debugsource-2.33.2-4.30.1 * libuuid1-2.33.2-4.30.1 * python-libmount-debugsource-2.33.2-4.30.1 * libblkid1-debuginfo-2.33.2-4.30.1 * util-linux-debuginfo-2.33.2-4.30.1 * libfdisk1-2.33.2-4.30.1 * libfdisk1-debuginfo-2.33.2-4.30.1 * uuidd-2.33.2-4.30.1 * libmount1-debuginfo-2.33.2-4.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * util-linux-lang-2.33.2-4.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libblkid1-32bit-2.33.2-4.30.1 * libblkid1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-32bit-2.33.2-4.30.1 * libmount1-debuginfo-32bit-2.33.2-4.30.1 * libuuid1-debuginfo-32bit-2.33.2-4.30.1 * libmount1-32bit-2.33.2-4.30.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * util-linux-debuginfo-2.33.2-4.30.1 * libuuid-devel-2.33.2-4.30.1 * util-linux-debugsource-2.33.2-4.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210164 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:30 -0000 Subject: SUSE-RU-2023:2363-1: moderate: Recommended update for libnvme, nvme-cli Message-ID: <168595383076.10366.6135604855033600049@smelt2.suse.de> # Recommended update for libnvme, nvme-cli Announcement ID: SUSE-RU-2023:2363-1 Rating: moderate References: * #1209131 * #1209550 * #1209669 * #1209905 * #1210089 * #1210105 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has six recommended fixes can now be installed. ## Description: This update for libnvme, nvme-cli fixes the following issues: * Fix GC in Python binding (bsc#1209905 bsc#1209131) * Fix crash when printing json output for supported log pages (bsc#1209550) * Add coverity reported fixes (bsc#1209669) * Update host_traddr when using config.json file (bsc#1210089) * Fix compiler warning (git-fixes) * Fix condition in autoconnect service (bsc#1210105) * Set version-tag so that version are correctly reported ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2363=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2363=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2363=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2363=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2363=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2363=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2363=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libnvme-devel-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-zsh-completion-2.0+40.gd857ed9befd6-150400.3.18.1 * nvme-cli-bash-completion-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-regress-script-2.0+40.gd857ed9befd6-150400.3.18.1 * python3-libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * python3-libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libnvme-devel-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-zsh-completion-2.0+40.gd857ed9befd6-150400.3.18.1 * nvme-cli-bash-completion-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-debuginfo-2.0+40.gd857ed9befd6-150400.3.18.1 * nvme-cli-debugsource-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * libnvme-debugsource-1.0+32.gb30ab4c96c2d-150400.3.21.1 * python3-libnvme-1.0+32.gb30ab4c96c2d-150400.3.21.1 * nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 * libnvme1-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 * python3-libnvme-debuginfo-1.0+32.gb30ab4c96c2d-150400.3.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209131 * https://bugzilla.suse.com/show_bug.cgi?id=1209550 * https://bugzilla.suse.com/show_bug.cgi?id=1209669 * https://bugzilla.suse.com/show_bug.cgi?id=1209905 * https://bugzilla.suse.com/show_bug.cgi?id=1210089 * https://bugzilla.suse.com/show_bug.cgi?id=1210105 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 08:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 08:30:32 -0000 Subject: SUSE-RU-2023:2362-1: moderate: Recommended update for dracut Message-ID: <168595383222.10366.12555085269782780918@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2362-1 Rating: moderate References: * #1210910 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Do not read /proc/modules to get the host modules (bsc#1210910) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2362=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2362=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2362=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * dracut-debuginfo-044.2-127.1 * dracut-fips-044.2-127.1 * dracut-044.2-127.1 * dracut-debugsource-044.2-127.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-044.2-127.1 * dracut-fips-044.2-127.1 * dracut-044.2-127.1 * dracut-debugsource-044.2-127.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * dracut-debuginfo-044.2-127.1 * dracut-fips-044.2-127.1 * dracut-044.2-127.1 * dracut-debugsource-044.2-127.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210910 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:01 -0000 Subject: SUSE-RU-2023:2382-1: moderate: Recommended update for kernel-livepatch-SLE15-SP5-RT_Update_0 Message-ID: <168598260151.18888.18219409068844967364@smelt2.suse.de> # Recommended update for kernel-livepatch-SLE15-SP5-RT_Update_0 Announcement ID: SUSE-RU-2023:2382-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update ships kernel-livepatch-SLE15-SP5-RT_Update_0 which could not be included in GA. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2382=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2382=1 ## Package List: * openSUSE Leap 15.5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-1-150500.3.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-1-150500.3.2.1 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-1-150500.3.2.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * kernel-livepatch-5_14_21-150500_11-rt-1-150500.3.2.1 * kernel-livepatch-SLE15-SP5-RT_Update_0-debugsource-1-150500.3.2.1 * kernel-livepatch-5_14_21-150500_11-rt-debuginfo-1-150500.3.2.1 ## References: * https://jira.suse.com/browse/PED-1706 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2383-1: moderate: Recommended update for jansi Message-ID: <168598260489.18888.903607952547065229@smelt2.suse.de> # Recommended update for jansi Announcement ID: SUSE-RU-2023:2383-1 Rating: moderate References: * #1210877 Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for jansi contains the following fix: * Fetch sources using source_service and don't distribute legally spurious files. (bsc#1210877) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2383=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2383=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2383=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2383=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2383=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * jansi-2.4.0-150200.3.7.1 * openSUSE Leap 15.4 (noarch) * jansi-javadoc-2.4.0-150200.3.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * jansi-2.4.0-150200.3.7.1 * jansi-debuginfo-2.4.0-150200.3.7.1 * openSUSE Leap 15.5 (noarch) * jansi-javadoc-2.4.0-150200.3.7.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * jansi-2.4.0-150200.3.7.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * jansi-2.4.0-150200.3.7.1 * jansi-debuginfo-2.4.0-150200.3.7.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * jansi-2.4.0-150200.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210877 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:06 -0000 Subject: SUSE-RU-2023:2381-1: moderate: Recommended update for bouncycastle Message-ID: <168598260605.18888.5651240954898119380@smelt2.suse.de> # Recommended update for bouncycastle Announcement ID: SUSE-RU-2023:2381-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for bouncycastle fixes the following issues: bouncycastle was updated to version 1.73: [jsc#PED-3756] Defects Fixed: * BCJSSE: Instantiating a JSSE provider in some contexts could cause an AccessControl exception. * The EC key pair generator can generate out of range private keys when used with SM2. A specific SM2KeyPairGenerator has been added to the low-level API and is used by KeyPairGenerator.getInstance("SM2", "BC"). The SM2 signer has been updated to check for out of range keys as well.. * The attached signature type byte was still present in Falcon signatures as well as the detached signature byte. * There was an off-by-one error in engineGetOutputSize() for ECIES. * The method for invoking read() internally in BCPGInputStream could result in inconsistent behaviour if the class was extended. * Fixed a rounding issue with FF1 Format Preserving Encryption algorithm for certain radices. * Fixed RFC3394WrapEngine handling of 64 bit keys. * Internal buffer for blake2sp was too small and could result in an ArrayIndexOutOfBoundsException. * JCA PSS Signatures using SHAKE128 and SHAKE256 now support encoding of algorithm parameters. * PKCS10CertificationRequest now checks for empty extension parameters. * Parsing errors in the processing of PGP Armored Data now throw an explicit exception ArmoredInputException. * PGP AEAD streams could occassionally be truncated. * The ESTService class now supports processing of chunked HTTP data. * A constructed ASN.1 OCTET STRING with a single member would sometimes be re- encoded as a definite-length OCTET STRING. The encoding has been adjusted to preserve the BER status of the object. * PKIXCertPathReviewer could fail if the trust anchor was also included in the certificate store being used for path analysis. * UTF-8 parsing of an array range ignored the provided length. * IPAddress has been written to provide stricter checking and avoid the use of Integer.parseInt(). * A Java 7 class snuck into the Java 5 to Java 8 build. Additional Features and Functionality: * The Rainbow NIST Post Quantum Round-3 Candidate has been added to the low- level API and the BCPQC provider (level 3 and level 5 parameter sets only). * The GeMSS NIST Post Quantum Round-3 Candidate has been added to the low- level API. * The org.bouncycastle.rsa.max_mr_tests property check has been added to allow capping of MR tests done on RSA moduli. * Significant performance improvements in PQC algorithms, especially BIKE, CMCE, Frodo, HQC, Picnic. * EdDSA verification now conforms to the recommendations of Taming the many EdDSAs, in particular cofactored verification. As a side benefit, Pornin's basis reduction is now used for EdDSA verification, giving a significant performance boost. * Major performance improvements for Anomalous Binary (Koblitz) Curves. * The lightweight Cryptography finalists Ascon, ISAP, Elephant, PhotonBeetle, Sparkle, and Xoodyak have been added to the light-weight cryptography API. * BLAKE2bp and BLAKE2sp have been added to the light-weight cryptography API. * Support has been added for X.509, Section 9.8, hybrid certificates and CRLs using alternate public keys and alternate signatures. * The property "org.bouncycastle.emulate.oracle" has been added to signal the provider should return algorithm names on some algorithms in the same manner as the Oracle JCE provider. * An extra replaceSigners method has been added to CMSSignedData which allows for specifying the digest algorithm IDs to be used in the new CMSSignedData object. * Parsing and re-encoding of ASN.1 PEM data has been further optimized to prevent unecessary conversions between basic encoding, definite length, and DER. * Support has been added for KEM ciphers in CMS in accordance with draft-ietf- lamps-cms-kemri * Support has been added for certEncr in CRMF to allow issuing of certificates for KEM public keys. * Further speedups have been made to CRC24. * GCMParameterSpec constructor caching has been added to improve performance for JVMs that have the class available. * The PGPEncrytedDataGenerator now supports injecting the session key to be used for PGP PBE encrypted data. * The CRMF CertificateRequestMessageBuilder now supports optional attributes. * Improvements to the s calculation in JPAKE. * A general purpose PQCOtherInfoGenerator has been added which supports all Kyber and NTRU. * An implementation of HPKE (RFC 9180 - Hybrid Public Key Encryption) has been added to the light-weight cryptography API. Security Advisories: * The PQC implementations have now been subject to formal review for secret leakage and side channels, there were issues in BIKE, Falcon, Frodo, HQC which have now been fixed. Some weak positives also showed up in Rainbow, Picnic, SIKE, and GeMSS - for now this last set has been ignored as the algorithms will either be updated if they reappear in the Signature Round, or deleted, as is already the case for SIKE (it is now in the legacy package). Details on the group responsible for the testing can be found in the CONTRIBUTORS file. * For at least some ECIES variants (e.g. when using CBC) there is an issue with potential malleability of a nonce (implying silent malleability of the plaintext) that must be sent alongside the ciphertext but is outside the IES integrity check. For this reason the automatic generation of nonces with IED is now disabled and they have to be passed in using an IESParameterSpec. The current advice is to agree on a nonce between parties and then rely on the use of the ephemeral key component to allow the nonce (rather the so called nonce) usage to be extended. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2381=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2381=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2381=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2381=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2381=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2381=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2381=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2381=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2381=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2381=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2381=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2381=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2381=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2381=1 ## Package List: * openSUSE Leap 15.4 (noarch) * bouncycastle-javadoc-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-mail-1.73-150200.3.18.1 * bouncycastle-tls-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * openSUSE Leap 15.5 (noarch) * bouncycastle-javadoc-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-mail-1.73-150200.3.18.1 * bouncycastle-tls-1.73-150200.3.18.1 * bouncycastle-jmail-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * Development Tools Module 15-SP4 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * Development Tools Module 15-SP5 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Enterprise Storage 7.1 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 * SUSE Enterprise Storage 7 (noarch) * bouncycastle-pkix-1.73-150200.3.18.1 * bouncycastle-pg-1.73-150200.3.18.1 * bouncycastle-1.73-150200.3.18.1 * bouncycastle-util-1.73-150200.3.18.1 ## References: * https://jira.suse.com/browse/PED-3756 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:07 -0000 Subject: SUSE-RU-2023:2380-1: low: Recommended update for release-notes-sles Message-ID: <168598260799.18888.4680475594572163282@smelt2.suse.de> # Recommended update for release-notes-sles Announcement ID: SUSE-RU-2023:2380-1 Rating: low References: * #1211271 * #933411 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features and has two recommended fixes can now be installed. ## Description: This update for release-notes-sles contains the following fixes: * Minor version update to 15.4.20230511. (bsc#933411) * Added note about secure boot shim update. (bsc#1211271) * Minor version update to 15.4.20230510. (bsc#933411) * Added note about systemd-journal-remote removal. (jsc#1210589) * Added note about Podman 4.3.1. (jsc#PED-1805) * Added note about Python changes. (jsc#PED-3799) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2380=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 SUSE-SLE-Product- SLES-15-SP4-2023-2380=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2380=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Manager Server 4.3 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-sles-15.4.20230511-150400.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211271 * https://bugzilla.suse.com/show_bug.cgi?id=933411 * https://jira.suse.com/browse/PED-1805 * https://jira.suse.com/browse/PED-3799 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:12 -0000 Subject: SUSE-SU-2023:2379-1: important: Security update for openstack-heat, python-Werkzeug Message-ID: <168598261236.18888.18212529325089292552@smelt2.suse.de> # Security update for openstack-heat, python-Werkzeug Announcement ID: SUSE-SU-2023:2379-1 Rating: important References: * #1208283 * #1209774 Cross-References: * CVE-2023-1625 * CVE-2023-25577 CVSS scores: * CVE-2023-1625 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves two vulnerabilities can now be installed. ## Description: This update for openstack-heat, python-Werkzeug contains the following fixes: Security fixes included on this update: openstack-heat: \- CVE-2023-1625: Fixed an issue where parameter values marked as "hidden" would be shown in the stack's environment. (bsc#1209774) python-Werkzeug: \- CVE-2023-25577: Fixed an unbounded resource usage when parsing multipart forms with many fields. (bsc#1208283) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2379=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2379=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2379=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * openstack-heat-doc-9.0.8~dev22-3.30.3 * openstack-heat-test-9.0.8~dev22-3.30.3 * openstack-heat-plugin-heat_docker-9.0.8~dev22-3.30.3 * venv-openstack-designate-x86_64-5.0.3~dev7-12.45.1 * python-Werkzeug-0.12.2-3.6.2 * venv-openstack-octavia-x86_64-1.0.6~dev3-12.47.1 * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.46.1 * openstack-heat-api-9.0.8~dev22-3.30.3 * openstack-heat-9.0.8~dev22-3.30.3 * openstack-heat-engine-9.0.8~dev22-3.30.3 * openstack-heat-api-cfn-9.0.8~dev22-3.30.3 * venv-openstack-heat-x86_64-9.0.8~dev22-12.51.1 * venv-openstack-sahara-x86_64-7.0.5~dev4-11.46.1 * openstack-heat-api-cloudwatch-9.0.8~dev22-3.30.3 * python-heat-9.0.8~dev22-3.30.3 * SUSE OpenStack Cloud 8 (noarch) * openstack-heat-doc-9.0.8~dev22-3.30.3 * openstack-heat-test-9.0.8~dev22-3.30.3 * openstack-heat-plugin-heat_docker-9.0.8~dev22-3.30.3 * venv-openstack-designate-x86_64-5.0.3~dev7-12.45.1 * python-Werkzeug-0.12.2-3.6.2 * venv-openstack-octavia-x86_64-1.0.6~dev3-12.47.1 * venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.46.1 * openstack-heat-api-9.0.8~dev22-3.30.3 * openstack-heat-9.0.8~dev22-3.30.3 * openstack-heat-engine-9.0.8~dev22-3.30.3 * openstack-heat-api-cfn-9.0.8~dev22-3.30.3 * venv-openstack-heat-x86_64-9.0.8~dev22-12.51.1 * venv-openstack-sahara-x86_64-7.0.5~dev4-11.46.1 * openstack-heat-api-cloudwatch-9.0.8~dev22-3.30.3 * python-heat-9.0.8~dev22-3.30.3 * SUSE OpenStack Cloud Crowbar 8 (noarch) * openstack-heat-doc-9.0.8~dev22-3.30.3 * openstack-heat-test-9.0.8~dev22-3.30.3 * openstack-heat-plugin-heat_docker-9.0.8~dev22-3.30.3 * python-Werkzeug-0.12.2-3.6.2 * openstack-heat-api-9.0.8~dev22-3.30.3 * openstack-heat-9.0.8~dev22-3.30.3 * openstack-heat-engine-9.0.8~dev22-3.30.3 * openstack-heat-api-cfn-9.0.8~dev22-3.30.3 * openstack-heat-api-cloudwatch-9.0.8~dev22-3.30.3 * python-heat-9.0.8~dev22-3.30.3 ## References: * https://www.suse.com/security/cve/CVE-2023-1625.html * https://www.suse.com/security/cve/CVE-2023-25577.html * https://bugzilla.suse.com/show_bug.cgi?id=1208283 * https://bugzilla.suse.com/show_bug.cgi?id=1209774 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 5 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 05 Jun 2023 16:30:14 -0000 Subject: SUSE-SU-2023:2378-1: important: Security update for openstack-heat, openstack-swift, python-Werkzeug Message-ID: <168598261473.18888.12967645065708072168@smelt2.suse.de> # Security update for openstack-heat, openstack-swift, python-Werkzeug Announcement ID: SUSE-SU-2023:2378-1 Rating: important References: * #1207035 * #1208283 * #1209774 Cross-References: * CVE-2022-47950 * CVE-2023-1625 * CVE-2023-25577 CVSS scores: * CVE-2022-47950 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-47950 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1625 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-25577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves three vulnerabilities can now be installed. ## Description: This update for openstack-heat, openstack-swift, python-Werkzeug contains the following fixes: Security fixes included in this update: openstack-heat: \- CVE-2023-1625: Fixed an issue where parameter values marked as "hidden" would be shown in the stack's environment (bsc#1209774). openstack-swift: \- CVE-2022-47950: Fixed a local file disclosure that could be triggered by an authenticated attacker by supplying a malicious XML (bnc#1207035). python-Werkzeug: \- CVE-2023-25577: Fixed an unbounded resource usage when parsing multipart forms with many fields (bsc#1208283). Non security changes on this update: Changes in openstack-heat: \- Honor 'hidden' parameter in 'stack environment show' command. (bsc#1209774, CVE-2023-1625) Changes in openstack-swift: \- Prevent XXE injections in API. (bsc#1207035, CVE-2022-47950) Changes in python-Werkzeug; \- Limit maximum number of multipart form parts. (bsc#1208283, CVE-2023-25577) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2378=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2378=1 ## Package List: * SUSE OpenStack Cloud 9 (noarch) * openstack-swift-object-2.19.3~dev3-3.6.3 * openstack-heat-api-cfn-11.0.4~dev4-3.24.4 * openstack-swift-container-2.19.3~dev3-3.6.3 * python-Werkzeug-0.14.1-3.6.2 * python-heat-11.0.4~dev4-3.24.4 * python-swift-2.19.3~dev3-3.6.3 * openstack-heat-11.0.4~dev4-3.24.4 * venv-openstack-designate-x86_64-7.0.2~dev2-3.41.2 * venv-openstack-octavia-x86_64-3.2.3~dev7-4.41.2 * venv-openstack-magnum-x86_64-7.2.1~dev1-4.41.3 * venv-openstack-swift-x86_64-2.19.3~dev3-2.36.3 * openstack-heat-api-11.0.4~dev4-3.24.4 * openstack-swift-account-2.19.3~dev3-3.6.3 * venv-openstack-sahara-x86_64-9.0.2~dev15-3.41.2 * venv-openstack-keystone-x86_64-14.2.1~dev9-3.42.2 * openstack-heat-plugin-heat_docker-11.0.4~dev4-3.24.4 * openstack-swift-proxy-2.19.3~dev3-3.6.3 * openstack-swift-2.19.3~dev3-3.6.3 * venv-openstack-heat-x86_64-11.0.4~dev4-3.43.2 * openstack-heat-engine-11.0.4~dev4-3.24.4 * SUSE OpenStack Cloud Crowbar 9 (noarch) * openstack-swift-object-2.19.3~dev3-3.6.3 * openstack-heat-api-cfn-11.0.4~dev4-3.24.4 * openstack-swift-container-2.19.3~dev3-3.6.3 * python-Werkzeug-0.14.1-3.6.2 * python-heat-11.0.4~dev4-3.24.4 * python-swift-2.19.3~dev3-3.6.3 * openstack-heat-11.0.4~dev4-3.24.4 * openstack-heat-api-11.0.4~dev4-3.24.4 * openstack-swift-account-2.19.3~dev3-3.6.3 * openstack-heat-plugin-heat_docker-11.0.4~dev4-3.24.4 * openstack-swift-proxy-2.19.3~dev3-3.6.3 * openstack-swift-2.19.3~dev3-3.6.3 * openstack-heat-engine-11.0.4~dev4-3.24.4 ## References: * https://www.suse.com/security/cve/CVE-2022-47950.html * https://www.suse.com/security/cve/CVE-2023-1625.html * https://www.suse.com/security/cve/CVE-2023-25577.html * https://bugzilla.suse.com/show_bug.cgi?id=1207035 * https://bugzilla.suse.com/show_bug.cgi?id=1208283 * https://bugzilla.suse.com/show_bug.cgi?id=1209774 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 07:05:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:05:35 +0200 (CEST) Subject: SUSE-CU-2023:1780-1: Recommended update of suse/sles12sp5 Message-ID: <20230606070535.3388DF377@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1780-1 Container Tags : suse/sles12sp5:6.5.477 , suse/sles12sp5:latest Container Release : 6.5.477 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2364-1 Released: Mon Jun 5 09:22:18 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) The following package changes have been done: - libblkid1-2.33.2-4.30.1 updated - libfdisk1-2.33.2-4.30.1 updated - libmount1-2.33.2-4.30.1 updated - libsmartcols1-2.33.2-4.30.1 updated - libuuid1-2.33.2-4.30.1 updated - util-linux-2.33.2-4.30.1 updated From sle-updates at lists.suse.com Tue Jun 6 07:08:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:08:04 +0200 (CEST) Subject: SUSE-CU-2023:1781-1: Recommended update of suse/sle15 Message-ID: <20230606070804.BD424F377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1781-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.145 , suse/sle15:15.3 , suse/sle15:15.3.17.20.145 Container Release : 17.20.145 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated From sle-updates at lists.suse.com Tue Jun 6 07:11:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:11:15 +0200 (CEST) Subject: SUSE-CU-2023:1784-1: Security update of bci/openjdk-devel Message-ID: <20230606071115.E303DF377@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1784-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-39.122 Container Release : 39.122 Severity : important Type : security References : 1210593 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - container:bci-openjdk-11-15.4.11-35.62 updated From sle-updates at lists.suse.com Tue Jun 6 07:12:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:12:00 +0200 (CEST) Subject: SUSE-CU-2023:1785-1: Security update of bci/openjdk-devel Message-ID: <20230606071200.F3CD9F377@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1785-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-14.118 , bci/openjdk-devel:latest Container Release : 14.118 Severity : important Type : security References : 1210392 1210593 1211259 1211430 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2340-1 Released: Thu Jun 1 09:46:52 2023 Summary: Recommended update for java-17-openjdk Type: recommended Severity: moderate References: 1210392,1211259 This update for java-17-openjdk fixes the following issues: - In SSLSessionImpl, interpret length of SNIServerName as an unsigned byte so that it can have length up to 255 rather than 127 (SG#65673, bsc#1210392) - Do not install separate nss.fips.cfg file, since there is now one in the tree and the install happens automatically - Enable system property file by default, without which the FIPS mode would never get enabled (bsc#1211259) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libz1-1.2.11-150000.3.45.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - java-17-openjdk-headless-17.0.7.0-150400.3.21.1 updated - java-17-openjdk-17.0.7.0-150400.3.21.1 updated - java-17-openjdk-devel-17.0.7.0-150400.3.21.1 updated - container:bci-openjdk-17-15.4.17-13.63 updated From sle-updates at lists.suse.com Tue Jun 6 07:13:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:13:29 +0200 (CEST) Subject: SUSE-CU-2023:1787-1: Security update of suse/postgres Message-ID: <20230606071329.4AE81F377@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1787-1 Container Tags : suse/postgres:14 , suse/postgres:14-21.20 , suse/postgres:14.8 , suse/postgres:14.8-21.20 Container Release : 21.20 Severity : important Type : security References : 1203141 1206513 1207410 1210164 1210303 1210303 1210434 1210593 1210702 1211228 1211228 1211229 1211229 1211230 1211231 1211232 1211233 1211430 CVE-2023-2454 CVE-2023-2454 CVE-2023-2455 CVE-2023-2455 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2205-1 Released: Mon May 15 13:15:13 2023 Summary: Security update for postgresql14 Type: security Severity: important References: 1210303,1211228,1211229,CVE-2023-2454,CVE-2023-2455 This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2207-1 Released: Mon May 15 13:20:56 2023 Summary: Security update for postgresql15 Type: security Severity: important References: 1210303,1211228,1211229,CVE-2023-2454,CVE-2023-2455 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - libpq5-15.3-150200.5.9.1 updated - kbd-2.4.0-150400.5.6.1 updated - postgresql14-14.8-150200.5.26.1 updated - systemd-249.16-150400.8.28.3 updated - postgresql14-server-14.8-150200.5.26.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Tue Jun 6 07:13:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:13:33 +0200 (CEST) Subject: SUSE-CU-2023:1788-1: Security update of suse/postgres Message-ID: <20230606071333.89FFAF377@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1788-1 Container Tags : suse/postgres:15 , suse/postgres:15-5.19 , suse/postgres:15.3 , suse/postgres:15.3-5.19 , suse/postgres:latest Container Release : 5.19 Severity : important Type : security References : 1203141 1206513 1207410 1210164 1210303 1210434 1210593 1210702 1211228 1211229 1211230 1211231 1211232 1211233 1211430 CVE-2023-2454 CVE-2023-2455 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29491 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2207-1 Released: Mon May 15 13:20:56 2023 Summary: Security update for postgresql15 Type: security Severity: important References: 1210303,1211228,1211229,CVE-2023-2454,CVE-2023-2455 This update for postgresql15 fixes the following issues: Updated to version 15.3: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script (bsc#1211228). - CVE-2023-2455: Fixed an issue that could allow a user to see or modify rows that should have been invisible (bsc#1211229). - Internal fixes (bsc#1210303). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). The following package changes have been done: - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - util-linux-2.37.2-150400.8.17.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - libpq5-15.3-150200.5.9.1 updated - kbd-2.4.0-150400.5.6.1 updated - postgresql15-15.3-150200.5.9.1 updated - systemd-249.16-150400.8.28.3 updated - postgresql15-server-15.3-150200.5.9.1 updated - container:sles15-image-15.0.0-27.14.66 updated From sle-updates at lists.suse.com Tue Jun 6 07:14:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:14:15 +0200 (CEST) Subject: SUSE-CU-2023:1789-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230606071415.163E9F377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1789-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.403 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.403 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) The following package changes have been done: - util-linux-systemd-2.36.2-150300.4.35.1 updated From sle-updates at lists.suse.com Tue Jun 6 07:16:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 6 Jun 2023 09:16:18 +0200 (CEST) Subject: SUSE-CU-2023:1791-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230606071618.C7A6CF377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1791-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.225 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.225 Severity : moderate Type : recommended References : 1210164 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) The following package changes have been done: - util-linux-systemd-2.36.2-150300.4.35.1 updated From sle-updates at lists.suse.com Tue Jun 6 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 08:30:04 -0000 Subject: SUSE-SU-2023:2389-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) Message-ID: <168604020422.21650.8002608927073966074@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2389-1 Rating: important References: * #1207188 * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_123 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2388=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-2387=1 SUSE-SLE-Module-Live- Patching-15-SP1-2023-2389=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_134-default-4-150100.2.2 * kernel-livepatch-4_12_14-150100_197_126-default-7-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-7-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 08:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 08:30:06 -0000 Subject: SUSE-SU-2023:2386-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP1) Message-ID: <168604020625.21650.9051544011251654950@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 39 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2386-1 Rating: important References: * #1207188 * #1210500 * #1210662 Cross-References: * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 CVSS scores: * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_142 fixes several issues. The following security issues were fixed: * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2386=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_142-default-2-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 08:30:08 -0000 Subject: SUSE-SU-2023:2385-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Message-ID: <168604020809.21650.7508912152244977871@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2385-1 Rating: important References: * #1207188 Cross-References: * CVE-2023-23454 CVSS scores: * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_145 fixes one issue. The following security issue was fixed: * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2385=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_145-default-2-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 08:30:11 -0000 Subject: SUSE-SU-2023:2384-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Message-ID: <168604021108.21650.11147326008545229595@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2384-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_11 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2384=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_11-rt-4-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-4-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-4-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 08:30:13 -0000 Subject: SUSE-SU-2023:2390-1: important: Security update for apache-commons-fileupload Message-ID: <168604021307.21650.15480191287759487806@smelt2.suse.de> # Security update for apache-commons-fileupload Announcement ID: SUSE-SU-2023:2390-1 Rating: important References: * #1208513 Cross-References: * CVE-2023-24998 CVSS scores: * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for apache-commons-fileupload fixes the following issues: Updated to version 1.5: \- CVE-2023-24998: Added a configurable maximum number of files to upload per request (bsc#1208513). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2390=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2390=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2390=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2390=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2390=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2390=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2390=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2390=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2390=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2390=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2390=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2390=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2390=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2390=1 ## Package List: * openSUSE Leap 15.4 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * apache-commons-fileupload-javadoc-1.5-150200.3.9.1 * openSUSE Leap 15.5 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * apache-commons-fileupload-javadoc-1.5-150200.3.9.1 * Web and Scripting Module 15-SP4 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * Web and Scripting Module 15-SP5 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Manager Server 4.2 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Enterprise Storage 7.1 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 * SUSE Enterprise Storage 7 (noarch) * apache-commons-fileupload-1.5-150200.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24998.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 12:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 12:30:46 -0000 Subject: SUSE-SU-2023:0796-2: important: Security update for the Linux Kernel Message-ID: <168605464623.30841.5936100544042854815@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0796 Rating: important References: * #1166486 * #1177529 * #1203331 * #1203332 * #1204993 * #1205544 * #1206224 * #1206232 * #1206459 * #1206640 * #1206876 * #1206877 * #1206878 * #1206880 * #1206881 * #1206882 * #1206883 * #1206884 * #1206885 * #1206886 * #1206889 * #1206894 * #1207051 * #1207270 * #1207328 * #1207588 * #1207589 * #1207590 * #1207591 * #1207592 * #1207593 * #1207594 * #1207603 * #1207605 * #1207606 * #1207607 * #1207608 * #1207609 * #1207610 * #1207613 * #1207615 * #1207617 * #1207618 * #1207619 * #1207620 * #1207621 * #1207623 * #1207624 * #1207625 * #1207626 * #1207628 * #1207630 * #1207631 * #1207632 * #1207634 * #1207635 * #1207636 * #1207638 * #1207639 * #1207641 * #1207642 * #1207643 * #1207644 * #1207645 * #1207646 * #1207647 * #1207648 * #1207651 * #1207653 * #1207770 * #1207773 * #1207845 * #1207875 * #1208149 * #1208153 * #1208183 * #1208212 * #1208290 * #1208420 * #1208428 * #1208429 * #1208449 * #1208534 * #1208541 * #1208570 * #1208607 * #1208628 * #1208700 * #1208741 * #1208759 * #1208784 * #1208787 * #1209188 * #1209436 Cross-References: * CVE-2022-36280 * CVE-2022-38096 * CVE-2023-0045 * CVE-2023-0461 * CVE-2023-0597 * CVE-2023-22995 * CVE-2023-23559 * CVE-2023-26545 CVSS scores: * CVE-2022-36280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-36280 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0045 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0045 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves eight vulnerabilities and has 86 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a serious regression in the i915 graphics card driver. * CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: * [infiniband] READ is "data destination", not source... (git-fixes) * [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). * acpi/x86: Add support for LPS0 callback handler (git-fixes). * acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). * acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224). * acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224). * acpi: battery: Fix missing NUL-termination with large strings (git-fixes). * acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224). * acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224). * acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224). * acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224). * acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224). * acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224). * acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224). * acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224). * acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224). * acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224). * acpica: Drop port I/O validation for some regions (git-fixes). * acpica: nsrepair: handle cases without a return value correctly (git-fixes). * alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes). * alsa: hda/ca0132: minor fix for allocation size (git-fixes). * alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). * alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). * alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes). * alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes). * alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git- fixes). * alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes). * alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git- fixes). * alsa: hda: Do not unset preset when cleaning up codec (git-fixes). * alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). * alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). * alsa: pci: lx6464es: fix a debug loop (git-fixes). * applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). * arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git- fixes). * arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). * arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). * arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git- fixes). * arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson-g12-common: Make mmc host controller interrupts level- sensitive (git-fixes). * arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). * arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). * arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git- fixes). * arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes). * arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git- fixes). * arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). * arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). * arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). * arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git- fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). * arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). * arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git- fixes). * arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). * arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git- fixes). * arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git- fixes). * arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). * arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). * arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). * arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). * arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). * arm: dts: am5748: keep usb4_tm disabled (git-fixes) * arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). * arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git- fixes). * arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) * arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). * arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) * arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). * arm: dts: rockchip: add power-domains property to dp node on rk3288 (git- fixes). * arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). * arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) * arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) * arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). * arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). * arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) * arm: omap: remove debug-leds driver (git-fixes) * arm: remove some dead code (git-fixes) * arm: renumber bits related to _TIF_WORK_MASK (git-fixes) * arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). * arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) * arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). * asoc: Intel: boards: fix spelling in comments (git-fixes). * asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes). * asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes). * asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git- fixes). * asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). * asoc: adau7118: do not disable regulators on device unbind (git-fixes). * asoc: cs42l56: fix DT probe (git-fixes). * asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). * asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). * asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). * asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). * asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). * asoc: rsnd: fixup #endif position (git-fixes). * asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). * asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git- fixes). * asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git- fixes). * asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). * asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes). * auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git- fixes). * avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). * backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). * blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes). * blk-mq: fix possible memleak when register 'hctx' failed (git-fixes). * block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes). * block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC" (git-fixes). * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * block: clear ->slave_dir when dropping the main slave_dir reference (git- fixes). * block: do not allow splitting of a REQ_NOWAIT bio (git-fixes). * block: fix and cleanup bio_check_ro (git-fixes). * block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes). * block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes). * bluetooth: L2CAP: Fix potential user-after-free (git-fixes). * bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). * bpf: Fix a possible task gone issue with bpf_send_signal_thread helpers (git-fixes). * bpf: Skip task with pid=1 in send_signal_common() (git-fixes). * can: j1939: do not wait 250 ms if the same addr was already claimed (git- fixes). * ceph: flush cap releases when the session is flushed (bsc#1208428). * clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). * clk: imx: avoid memory leak (git-fixes). * clk: mxl: Add option to override gate clks (git-fixes). * clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). * clk: mxl: Remove redundant spinlocks (git-fixes). * clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git- fixes). * clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). * clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). * clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git- fixes). * clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). * clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). * clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). * comedi: use menuconfig for main Comedi menu (git-fixes). * crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git- fixes). * crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). * crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). * crypto: essiv - Handle EBUSY correctly (git-fixes). * crypto: qat - fix out-of-bounds read (git-fixes). * crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). * crypto: seqiv - Handle EBUSY correctly (git-fixes). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * crypto: xts - Handle EBUSY correctly (git-fixes). * dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). * dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). * dmaengine: dw-edma: Drop chancnt initialization (git-fixes). * dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). * dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git- fixes). * dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). * dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). * dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git- fixes). * docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). * docs: gdbmacros: print newest record (git-fixes). * documentation: simplify and clarify DCO contribution example language (git- fixes). * driver core: fix potential null-ptr-deref in device_add() (git-fixes). * driver core: fix resource leak in device_add() (git-fixes). * driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git- fixes). * drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes). * drivers: base: transport_class: fix possible memory leak (git-fixes). * drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). * drm/amd/display: Fail atomic_check early on normalize_zpos error (git- fixes). * drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes). * drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). * drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git- fixes). * drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git- fixes). * drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). * drm/bridge: lt8912b: Add hot plug detection (git-fixes). * drm/bridge: lt9611: fix HPD reenablement (git-fixes). * drm/bridge: lt9611: fix clock calculation (git-fixes). * drm/bridge: lt9611: fix polarity programming (git-fixes). * drm/bridge: lt9611: fix programming of video modes (git-fixes). * drm/bridge: lt9611: fix sleep mode setup (git-fixes). * drm/bridge: lt9611: pass a pointer to the of node (git-fixes). * drm/bridge: megachips: Fix error handling in i2c_register_driver() (git- fixes). * drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). * drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). * drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). * drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). * drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git- fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/i915: Fix VBT DSI DVO port handling (git-fixes). * drm/i915: Initialize the obj flags for shmem objects (git-fixes). * drm/mediatek: Clean dangling pointer on bind error path (git-fixes). * drm/mediatek: Drop unbalanced obj unref (git-fixes). * drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). * drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git- fixes). * drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). * drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). * drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). * drm/msm/dpu: Add check for cstate (git-fixes). * drm/msm/dpu: Add check for pstates (git-fixes). * drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). * drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). * drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). * drm/msm/gem: Add check for kmalloc (git-fixes). * drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/mdp5: Add check for kzalloc (git-fixes). * drm/msm: clean event_thread->worker in case of an error (git-fixes). * drm/msm: use strscpy instead of strncpy (git-fixes). * drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git- fixes). * drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). * drm/vc4: hdmi: Correct interlaced timings again (git-fixes). * drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). * drm/vc4: hvs: Set AXI panic modes (git-fixes). * drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). * drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes). * drm/vkms: Fix memory leak in vkms_init() (git-fixes). * drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). * drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git- fixes). * drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). * drm: tidss: Fix pixel format definition (git-fixes). * dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). * dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). * dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). * dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git- fixes). * dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git- fixes). * dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). * dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). * eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). * efi: Accept version 2 of memory attributes table (git-fixes). * exit: Add and use make_task_dead (bsc#1207328). * exit: Allow oops_limit to be disabled (bsc#1207328). * exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328). * exit: Move force_uaccess back into do_exit (bsc#1207328). * exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328). * exit: Put an upper limit on how often we can oops (bsc#1207328). * exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328). * exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328). * ext4,f2fs: fix readahead of verity data (bsc#1207648). * ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ext4: add helper to check quota inums (bsc#1207618). * ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617). * ext4: add missing validation of fast-commit record lengths (bsc#1207626). * ext4: allocate extended attribute value in vmalloc area (bsc#1207635). * ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). * ext4: avoid resizing to a partial cluster size (bsc#1206880). * ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634). * ext4: continue to expand file system when the target size does not reach (bsc#1206882). * ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592). * ext4: correct max_inline_xattr_value_size computing (bsc#1206878). * ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). * ext4: disable fast-commit of encrypted dir operations (bsc#1207623). * ext4: do not allow journal inode to have encrypt flag (bsc#1207621). * ext4: do not increase iversion counter for ea_inodes (bsc#1207605). * ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603). * ext4: do not set up encryption key during jbd2 transaction (bsc#1207624). * ext4: drop ineligible txn start stop APIs (bsc#1207588). * ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606). * ext4: factor out ext4_fc_get_tl() (bsc#1207615). * ext4: fast commit may miss file actions (bsc#1207591). * ext4: fast commit may not fallback for ineligible commit (bsc#1207590). * ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). * ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). * ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620). * ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594). * ext4: fix deadlock due to mbcache entry corruption (bsc#1207653). * ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631). * ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608). * ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630). * ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593). * ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). * ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636). * ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894). * ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625). * ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609). * ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). * ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628). * ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611). * ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612). * ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616). * ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637). * ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627). * ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). * ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). * ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). * ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622). * ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). * ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). * ext4: goto right label 'failed_mount3a' (bsc#1207610). * ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629). * ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633). * ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614). * ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602). * ext4: make ext4_lazyinit_thread freezable (bsc#1206885). * ext4: place buffer head allocation before handle start (bsc#1207607). * ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). * ext4: simplify updating of fast commit stats (bsc#1207589). * ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613). * ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). * fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes). * firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). * firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git- fixes). * firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). * fix page corruption caused by racy check in __free_pages (bsc#1208149). * fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632). * fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429). * fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). * genirq: Provide new interfaces for affinity hints (bsc#1208153). * gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). * gpio: vf610: connect GPIO label to dev name (git-fixes). * gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). * gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). * hid: asus: use spinlock to protect concurrent accesses (git-fixes). * hid: asus: use spinlock to safely schedule workers (git-fixes). * hid: bigben: use spinlock to protect concurrent accesses (git-fixes). * hid: bigben: use spinlock to safely schedule workers (git-fixes). * hid: bigben_probe(): validate report count (git-fixes). * hid: bigben_worker() remove unneeded check on report_field (git-fixes). * hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). * hid: elecom: add support for TrackBall 056E:011C (git-fixes). * hv: fix comment typo in vmbus_channel/low_latency (git-fixes). * hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). * hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). * hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). * hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). * hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). * i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes). * i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). * i2c: mxs: suppress probe-deferral error message (git-fixes). * i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes). * ib/hfi1: Restore allocated resources on failed copyout (git-fixes) * ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes) * iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). * input: ads7846 - always set last command to PWRDOWN (git-fixes). * input: ads7846 - do not check penirq immediately for 7845 (git-fixes). * input: ads7846 - do not report pressure for ads7845 (git-fixes). * input: iqs269a - configure device with a single block write (git-fixes). * input: iqs269a - drop unused device node references (git-fixes). * input: iqs269a - increase interrupt handler return delay (git-fixes). * input: iqs626a - drop unused device node references (git-fixes). * iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). * ipmi:ssif: Add a timer between request retries (bsc#1206459). * ipmi:ssif: Remove rtc_us_timer (bsc#1206459). * ipmi:ssif: resend_msg() cannot fail (bsc#1206459). * ipmi_ssif: Rename idle state and check (bsc#1206459). * irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) * jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590). * jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646). * jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641). * jbd2: fix potential buffer head reference count leak (bsc#1207644). * jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645). * jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643). * kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544). * kasan: no need to unset panic_on_warn in end_report() (bsc#1207328). * leds: led-class: Add missing put_device() to led_put() (git-fixes). * leds: led-core: Fix refcount leak in of_led_get() (git-fixes). * lib/mpi: Fix buffer overrun when SG is too long (git-fixes). * lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git- fixes). * locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). * locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). * locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). * locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). * locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). * locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). * locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). * locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). * locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). * locking: Add missing __sched attributes (bsc#1207270). * mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647). * mbcache: Fixup kABI of mb_cache_entry (bsc#1207653). * md/bitmap: Fix bitmap chunk size overflow issues (git-fixes). * md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes). * md: fix a crash in mempool_free (git-fixes). * media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). * media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). * media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). * media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). * media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). * media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). * media: saa7134: Use video_unregister_device for radio_dev (git-fixes). * media: usb: siano: Fix use after free bugs caused by do_submit_urb (git- fixes). * media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git- fixes). * media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). * mfd: cs5535: Do not build on UML (git-fixes). * mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git- fixes). * misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). * misc: enclosure: Fix doc for enclosure_find() (git-fixes). * mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). * mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). * mmc: sdio: fix possible resource leaks in some error paths (git-fixes). * move upstreamed i915 and media fixes into sorted section * mtd: dataflash: remove duplicate SPI ID table (git-fixes). * mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). * mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). * mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). * mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). * mtd: spi-nor: core: fix implicit declaration warning (git-fixes). * mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). * mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). * net/rose: Fix to not accept on connected socket (git-fixes). * net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes). * net/x25: Fix to not accept on connected socket (git-fixes). * net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes). * net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). * net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). * net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). * net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git- fixes). * net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git- fixes). * nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). * nfcv3: handle out-of-order write replies (bsc#1205544). * nvdimm: disable namespace on error (bsc#1166486). * nvme-fabrics: show well known discovery name (bsc#1200054). * objtool: Add a missing comma to avoid string concatenation (bsc#1207328). * ocfs2: Fix data corruption after failed write (bsc#1208542). * ocfs2: clear dinode links count in case of error (bsc#1207650). * ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649). * ocfs2: fix crash when mount with quota enabled (bsc#1207640). * ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652). * ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651). * ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770). * ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768). * ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771). * panic: Consolidate open-coded panic_on_warn checks (bsc#1207328). * panic: Introduce warn_limit (bsc#1207328). * panic: unset panic_on_warn inside panic() (bsc#1207328). * pci/iov: Enlarge virtfn sysfs name buffer (git-fixes). * pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). * pci: Fix dropping valid root bus resources with .end = zero (git-fixes). * pci: hotplug: Allow marking devices as disconnected during bind/unbind (git- fixes). * pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). * phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). * pinctrl: aspeed: Fix confusing types in return value (git-fixes). * pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git- fixes). * pinctrl: mediatek: Fix the drive register definition of some Pins (git- fixes). * pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). * pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git- fixes). * pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git- fixes). * pinctrl: single: fix potential NULL dereference (git-fixes). * pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). * platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). * platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). * platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). * platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git- fixes). * platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git- fixes). * platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes). * platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). * printf: fix errname.c list (git-fixes). * quota: Check next/prev free block number after reading from quota file (bsc#1206640). * quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639). * rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes) * rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes) * remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). * remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). * revert "HID: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). * revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). * revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). * revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). * rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). * rtc: pm8xxx: fix set-alarm race (git-fixes). * rtc: sun6i: Always export the internal oscillator (git-fixes). * s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). * scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). * scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). * scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). * scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). * scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). * scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). * scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). * scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). * scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). * scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). * scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). * scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * sefltests: netdevsim: wait for devlink instance after netns removal (git- fixes). * selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git- fixes). * selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). * selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). * selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). * selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). * selftests/powerpc: Move perror closer to its use (bsc#1206232). * selftests: forwarding: lib: quote the sysctl values (git-fixes). * selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes). * selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes). * selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes). * selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes). * serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). * serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). * signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes). * soundwire: cadence: Do not overflow the command FIFOs (git-fixes). * spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). * spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes). * spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git- fixes). * spi: tegra210-quad: Fix validate combined sequence (git-fixes). * staging: mt7621-dts: change palmbus address to lower case (git-fixes). * sysctl: add a new register_sysctl_init() interface (bsc#1207328). * thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). * thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). * thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). * thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). * thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). * thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git- fixes). * thermal: intel: powerclamp: Fix cur_state for multi package system (git- fixes). * thermal: intel: quark_dts: fix error pointer dereference (git-fixes). * trace_events_hist: add check for return value of 'create_hist_field' (git- fixes). * tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes). * tracing: Make sure trace_printk() can output as soon as it can be used (git- fixes). * tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git- fixes). * tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). * tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git- fixes). * tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git- fixes). * ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328). * usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). * usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes). * usb: dwc3: core: Host wake up support from system suspend (git-fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). * usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). * usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). * usb: dwc3: qcom: Keep power domain on to retain controller status (git- fixes). * usb: dwc3: qcom: clean up icc init (git-fixes). * usb: dwc3: qcom: clean up suspend callbacks (git-fixes). * usb: dwc3: qcom: fix gadget-only builds (git-fixes). * usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). * usb: dwc3: qcom: fix wakeup implementation (git-fixes). * usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). * usb: dwc3: qcom: suppress unused-variable warning (git-fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). * usb: max-3421: Fix setting of I/O pins (git-fixes). * usb: musb: Add and use inline function musb_otg_state_string (git-fixes). * usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). * usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). * usb: musb: remove schedule work called after flush (git-fixes). * usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). * usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes). * vc_screen: do not clobber return value in vcs_read (git-fixes). * vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). * vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). * vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642). * virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). * virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). * virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). * virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). * virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). * virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). * vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). * vmxnet3: move rss code block under eop descriptor (bsc#1208212). * watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration. * watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). * watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). * wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). * wifi: ath11k: allow system suspend to survive ath11k (git-fixes). * wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). * wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). * wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git- fixes). * wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). * wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). * wifi: cfg80211: Fix use after free for wext (git-fixes). * wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). * wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: iwl3945: Add missing check for create_singlethread_workqueue (git- fixes). * wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git- fixes). * wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). * wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). * wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). * wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git- fixes). * wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). * wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). * wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). * wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). * wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). * wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). * wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * writeback: avoid use-after-free after removing device (bsc#1207638). * x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes). * x86/asm: Fix an assembler warning with current binutils (git-fixes). * x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes). * x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). * x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git- fixes). * x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git- fixes). * x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes). * x86/microcode/intel: Do not retry microcode reloading on the APs (git- fixes). * x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). * x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). * x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes). * xen-netfront: Fix NULL sring after live migration (git-fixes). * xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). * xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) * xen/netback: do some code cleanup (git-fixes). * xen/netback: fix build warning (git-fixes). * xen/netfront: destroy queues before real_num_tx_queues is zeroed (git- fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). * xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git- fixes). * xfs: estimate post-merge refcounts correctly (bsc#1208183). * xfs: hoist refcount record merge predicates (bsc#1208183). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-796=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-796=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-796=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-796=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-796=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-796=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-796=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-796=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-796=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-796=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.49.3 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * openSUSE Leap 15.4 (noarch) * kernel-source-5.14.21-150400.24.49.4 * kernel-source-vanilla-5.14.21-150400.24.49.4 * kernel-docs-html-5.14.21-150400.24.49.4 * kernel-macros-5.14.21-150400.24.49.4 * kernel-devel-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150400.24.49.3 * kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.49.3 * reiserfs-kmp-default-5.14.21-150400.24.49.3 * dlm-kmp-default-5.14.21-150400.24.49.3 * ocfs2-kmp-default-5.14.21-150400.24.49.3 * kernel-default-livepatch-devel-5.14.21-150400.24.49.3 * kernel-default-optional-5.14.21-150400.24.49.3 * kernel-obs-qa-5.14.21-150400.24.49.2 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-default-devel-5.14.21-150400.24.49.3 * kernel-default-extra-5.14.21-150400.24.49.3 * kernel-obs-build-debugsource-5.14.21-150400.24.49.3 * kernel-default-optional-debuginfo-5.14.21-150400.24.49.3 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-base-rebuild-5.14.21-150400.24.49.3.150400.24.19.3 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3 * kernel-obs-build-5.14.21-150400.24.49.3 * kselftests-kmp-default-5.14.21-150400.24.49.3 * kernel-default-extra-debuginfo-5.14.21-150400.24.49.3 * gfs2-kmp-default-5.14.21-150400.24.49.3 * cluster-md-kmp-default-5.14.21-150400.24.49.3 * kernel-syms-5.14.21-150400.24.49.4 * kernel-default-devel-debuginfo-5.14.21-150400.24.49.3 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.49.3 * dlm-kmp-default-debuginfo-5.14.21-150400.24.49.3 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-debugsource-5.14.21-150400.24.49.3 * kernel-debug-devel-5.14.21-150400.24.49.3 * kernel-debug-livepatch-devel-5.14.21-150400.24.49.3 * kernel-debug-debuginfo-5.14.21-150400.24.49.3 * kernel-debug-devel-debuginfo-5.14.21-150400.24.49.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.49.3 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-kvmsmall-debugsource-5.14.21-150400.24.49.4 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.49.4 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.49.4 * kernel-kvmsmall-devel-5.14.21-150400.24.49.4 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (aarch64) * dtb-apple-5.14.21-150400.24.49.4 * dtb-apm-5.14.21-150400.24.49.4 * dtb-cavium-5.14.21-150400.24.49.4 * dtb-amazon-5.14.21-150400.24.49.4 * dtb-mediatek-5.14.21-150400.24.49.4 * ocfs2-kmp-64kb-5.14.21-150400.24.49.2 * kernel-64kb-livepatch-devel-5.14.21-150400.24.49.2 * dtb-sprd-5.14.21-150400.24.49.4 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.49.2 * dlm-kmp-64kb-5.14.21-150400.24.49.2 * kselftests-kmp-64kb-5.14.21-150400.24.49.2 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * kernel-64kb-debugsource-5.14.21-150400.24.49.2 * cluster-md-kmp-64kb-5.14.21-150400.24.49.2 * dtb-qcom-5.14.21-150400.24.49.4 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.49.2 * dtb-xilinx-5.14.21-150400.24.49.4 * dtb-renesas-5.14.21-150400.24.49.4 * dtb-arm-5.14.21-150400.24.49.4 * reiserfs-kmp-64kb-5.14.21-150400.24.49.2 * kernel-64kb-optional-5.14.21-150400.24.49.2 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * dtb-rockchip-5.14.21-150400.24.49.4 * dtb-broadcom-5.14.21-150400.24.49.4 * dtb-hisilicon-5.14.21-150400.24.49.4 * dtb-freescale-5.14.21-150400.24.49.4 * dtb-lg-5.14.21-150400.24.49.4 * gfs2-kmp-64kb-5.14.21-150400.24.49.2 * kernel-64kb-extra-5.14.21-150400.24.49.2 * dtb-allwinner-5.14.21-150400.24.49.4 * dtb-nvidia-5.14.21-150400.24.49.4 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.49.2 * dtb-amlogic-5.14.21-150400.24.49.4 * dtb-altera-5.14.21-150400.24.49.4 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * dtb-amd-5.14.21-150400.24.49.4 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * kernel-64kb-debuginfo-5.14.21-150400.24.49.2 * dtb-marvell-5.14.21-150400.24.49.4 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.49.2 * kernel-64kb-devel-5.14.21-150400.24.49.2 * dtb-socionext-5.14.21-150400.24.49.4 * dtb-exynos-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.49.3 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.49.4 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.49.4 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.49.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.49.3 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.49.2 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.49.3 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.49.4 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.49.4 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.49.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-devel-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-default-devel-5.14.21-150400.24.49.3 * Basesystem Module 15-SP4 (noarch) * kernel-devel-5.14.21-150400.24.49.4 * kernel-macros-5.14.21-150400.24.49.4 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-devel-debuginfo-5.14.21-150400.24.49.2 * kernel-64kb-debuginfo-5.14.21-150400.24.49.2 * kernel-64kb-debugsource-5.14.21-150400.24.49.2 * kernel-64kb-devel-5.14.21-150400.24.49.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.49.4 * kernel-obs-build-debugsource-5.14.21-150400.24.49.3 * kernel-obs-build-5.14.21-150400.24.49.3 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.49.4 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.49.4 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3 * reiserfs-kmp-default-5.14.21-150400.24.49.3 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150400.24.49.3 * kernel-livepatch-SLE15-SP4_Update_9-debugsource-1-150400.9.3.3 * kernel-default-livepatch-devel-5.14.21-150400.24.49.3 * kernel-livepatch-5_14_21-150400_24_49-default-debuginfo-1-150400.9.3.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-livepatch-5_14_21-150400_24_49-default-1-150400.9.3.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.49.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.49.3 * gfs2-kmp-default-5.14.21-150400.24.49.3 * dlm-kmp-default-5.14.21-150400.24.49.3 * cluster-md-kmp-default-5.14.21-150400.24.49.3 * ocfs2-kmp-default-5.14.21-150400.24.49.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.49.3 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.49.3 * dlm-kmp-default-debuginfo-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.49.3 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debuginfo-5.14.21-150400.24.49.3 * kernel-default-debugsource-5.14.21-150400.24.49.3 * kernel-default-extra-5.14.21-150400.24.49.3 ## References: * https://www.suse.com/security/cve/CVE-2022-36280.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2023-0045.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-22995.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1166486 * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1203332 * https://bugzilla.suse.com/show_bug.cgi?id=1204993 * https://bugzilla.suse.com/show_bug.cgi?id=1205544 * https://bugzilla.suse.com/show_bug.cgi?id=1206224 * https://bugzilla.suse.com/show_bug.cgi?id=1206232 * https://bugzilla.suse.com/show_bug.cgi?id=1206459 * https://bugzilla.suse.com/show_bug.cgi?id=1206640 * https://bugzilla.suse.com/show_bug.cgi?id=1206876 * https://bugzilla.suse.com/show_bug.cgi?id=1206877 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1206880 * https://bugzilla.suse.com/show_bug.cgi?id=1206881 * https://bugzilla.suse.com/show_bug.cgi?id=1206882 * https://bugzilla.suse.com/show_bug.cgi?id=1206883 * https://bugzilla.suse.com/show_bug.cgi?id=1206884 * https://bugzilla.suse.com/show_bug.cgi?id=1206885 * https://bugzilla.suse.com/show_bug.cgi?id=1206886 * https://bugzilla.suse.com/show_bug.cgi?id=1206889 * https://bugzilla.suse.com/show_bug.cgi?id=1206894 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1207328 * https://bugzilla.suse.com/show_bug.cgi?id=1207588 * https://bugzilla.suse.com/show_bug.cgi?id=1207589 * https://bugzilla.suse.com/show_bug.cgi?id=1207590 * https://bugzilla.suse.com/show_bug.cgi?id=1207591 * https://bugzilla.suse.com/show_bug.cgi?id=1207592 * https://bugzilla.suse.com/show_bug.cgi?id=1207593 * https://bugzilla.suse.com/show_bug.cgi?id=1207594 * https://bugzilla.suse.com/show_bug.cgi?id=1207603 * https://bugzilla.suse.com/show_bug.cgi?id=1207605 * https://bugzilla.suse.com/show_bug.cgi?id=1207606 * https://bugzilla.suse.com/show_bug.cgi?id=1207607 * https://bugzilla.suse.com/show_bug.cgi?id=1207608 * https://bugzilla.suse.com/show_bug.cgi?id=1207609 * https://bugzilla.suse.com/show_bug.cgi?id=1207610 * https://bugzilla.suse.com/show_bug.cgi?id=1207613 * https://bugzilla.suse.com/show_bug.cgi?id=1207615 * https://bugzilla.suse.com/show_bug.cgi?id=1207617 * https://bugzilla.suse.com/show_bug.cgi?id=1207618 * https://bugzilla.suse.com/show_bug.cgi?id=1207619 * https://bugzilla.suse.com/show_bug.cgi?id=1207620 * https://bugzilla.suse.com/show_bug.cgi?id=1207621 * https://bugzilla.suse.com/show_bug.cgi?id=1207623 * https://bugzilla.suse.com/show_bug.cgi?id=1207624 * https://bugzilla.suse.com/show_bug.cgi?id=1207625 * https://bugzilla.suse.com/show_bug.cgi?id=1207626 * https://bugzilla.suse.com/show_bug.cgi?id=1207628 * https://bugzilla.suse.com/show_bug.cgi?id=1207630 * https://bugzilla.suse.com/show_bug.cgi?id=1207631 * https://bugzilla.suse.com/show_bug.cgi?id=1207632 * https://bugzilla.suse.com/show_bug.cgi?id=1207634 * https://bugzilla.suse.com/show_bug.cgi?id=1207635 * https://bugzilla.suse.com/show_bug.cgi?id=1207636 * https://bugzilla.suse.com/show_bug.cgi?id=1207638 * https://bugzilla.suse.com/show_bug.cgi?id=1207639 * https://bugzilla.suse.com/show_bug.cgi?id=1207641 * https://bugzilla.suse.com/show_bug.cgi?id=1207642 * https://bugzilla.suse.com/show_bug.cgi?id=1207643 * https://bugzilla.suse.com/show_bug.cgi?id=1207644 * https://bugzilla.suse.com/show_bug.cgi?id=1207645 * https://bugzilla.suse.com/show_bug.cgi?id=1207646 * https://bugzilla.suse.com/show_bug.cgi?id=1207647 * https://bugzilla.suse.com/show_bug.cgi?id=1207648 * https://bugzilla.suse.com/show_bug.cgi?id=1207651 * https://bugzilla.suse.com/show_bug.cgi?id=1207653 * https://bugzilla.suse.com/show_bug.cgi?id=1207770 * https://bugzilla.suse.com/show_bug.cgi?id=1207773 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1207875 * https://bugzilla.suse.com/show_bug.cgi?id=1208149 * https://bugzilla.suse.com/show_bug.cgi?id=1208153 * https://bugzilla.suse.com/show_bug.cgi?id=1208183 * https://bugzilla.suse.com/show_bug.cgi?id=1208212 * https://bugzilla.suse.com/show_bug.cgi?id=1208290 * https://bugzilla.suse.com/show_bug.cgi?id=1208420 * https://bugzilla.suse.com/show_bug.cgi?id=1208428 * https://bugzilla.suse.com/show_bug.cgi?id=1208429 * https://bugzilla.suse.com/show_bug.cgi?id=1208449 * https://bugzilla.suse.com/show_bug.cgi?id=1208534 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208607 * https://bugzilla.suse.com/show_bug.cgi?id=1208628 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208741 * https://bugzilla.suse.com/show_bug.cgi?id=1208759 * https://bugzilla.suse.com/show_bug.cgi?id=1208784 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1209188 * https://bugzilla.suse.com/show_bug.cgi?id=1209436 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 12:31:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 12:31:11 -0000 Subject: SUSE-SU-2023:0749-2: important: Security update for the Linux Kernel Message-ID: <168605467128.30841.14101210496700071152@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:0749 Rating: important References: * #1177529 * #1193629 * #1197534 * #1198438 * #1200054 * #1202633 * #1203331 * #1204363 * #1204993 * #1205544 * #1205846 * #1206103 * #1206232 * #1206935 * #1207051 * #1207270 * #1207560 * #1207845 * #1207846 * #1208212 * #1208420 * #1208449 * #1208534 * #1208541 * #1208542 * #1208570 * #1208607 * #1208628 * #1208700 * #1208741 * #1208759 * #1208776 * #1208784 * #1208787 * #1208816 * #1208837 * #1208843 * #1209188 * #1209436 Cross-References: * CVE-2022-3523 * CVE-2022-38096 * CVE-2023-0461 * CVE-2023-0597 * CVE-2023-1118 * CVE-2023-22995 * CVE-2023-22998 * CVE-2023-23000 * CVE-2023-23004 * CVE-2023-23559 * CVE-2023-25012 * CVE-2023-26545 CVSS scores: * CVE-2022-3523 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3523 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-38096 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0597 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22995 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-22995 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-22998 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-22998 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23000 ( SUSE ): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-23000 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23004 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H * CVE-2023-23004 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( SUSE ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-25012 ( NVD ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26545 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-26545 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Real Time Module 15-SP4 An update that solves 12 vulnerabilities and has 27 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. NOTE: This kernel was retracted due to a serious regression in the Intel I915 graphics card driver. (bsc#1209436) * CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363). * CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). * CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). * CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776). * CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). * CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843). * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). * CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560). * CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: * [xen] fix "direction" argument of iov_iter_kvec() (git-fixes). * acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes). * acpi: battery: Fix missing NUL-termination with large strings (git-fixes). * acpica: Drop port I/O validation for some regions (git-fixes). * acpica: nsrepair: handle cases without a return value correctly (git-fixes). * alsa: hda/ca0132: minor fix for allocation size (git-fixes). * alsa: hda/conexant: add a new hda codec SN6180 (git-fixes). * alsa: hda/realtek - fixed wrong gpio assigned (git-fixes). * alsa: hda: Do not unset preset when cleaning up codec (git-fixes). * alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes). * alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes). * applicom: Fix PCI device refcount leak in applicom_init() (git-fixes). * arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git- fixes). * arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes). * arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes). * arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git- fixes). * arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes). * arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes). * arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git- fixes). * arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git- fixes). * arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes). * arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes). * arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes). * arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git- fixes). * arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes). * arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes). * arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes). * arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git- fixes). * arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes). * arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git- fixes). * arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git- fixes). * arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes). * arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes). * arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes). * arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes). * arm: bcm2835_defconfig: Enable the framebuffer (git-fixes). * arm: dts: am5748: keep usb4_tm disabled (git-fixes) * arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes). * arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes). * arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes). * arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git- fixes). * arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes) * arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes). * arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes) * arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes). * arm: dts: rockchip: add power-domains property to dp node on rk3288 (git- fixes). * arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes). * arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes) * arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes) * arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes). * arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes). * arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes) * arm: omap: remove debug-leds driver (git-fixes) * arm: remove some dead code (git-fixes) * arm: renumber bits related to _TIF_WORK_MASK (git-fixes) * arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes). * arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes) * arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes). * ascpi / x86: Add support for LPS0 callback handler (git-fixes). * asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git- fixes). * asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes). * asoc: adau7118: do not disable regulators on device unbind (git-fixes). * asoc: cs42l56: fix DT probe (git-fixes). * asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes). * asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes). * asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes). * asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes). * asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes). * asoc: rsnd: fixup #endif position (git-fixes). * asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes). * asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git- fixes). * asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git- fixes). * asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes). * auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git- fixes). * avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529). * backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes). * block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541). * bluetooth: L2CAP: Fix potential user-after-free (git-fixes). * bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes). * cifs: Check the lease context if we actually got a lease (bsc#1193629). * cifs: Convert struct fealist away from 1-element array (bsc#1193629). * cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes). * cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes). * cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629). * cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629). * cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes). * cifs: Fix warning and UAF when destroy the MR list (git-fixes). * cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629). * cifs: Replace remaining 1-element arrays (bsc#1193629). * cifs: Replace zero-length arrays with flexible-array members (bsc#1193629). * cifs: Use kstrtobool() instead of strtobool() (bsc#1193629). * cifs: do not try to use rdma offload on encrypted connections (bsc#1193629). * cifs: fix mount on old smb servers (boo#1206935). * cifs: get rid of dns resolve worker (bsc#1193629). * cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629). * cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git- fixes). * cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629). * cifs: match even the scope id for ipv6 addresses (bsc#1193629). * cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629). * cifs: prevent data race in smb2_reconnect() (bsc#1193629). * cifs: print last update time for interface list (bsc#1193629). * cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629). * cifs: return a single-use cfid if we did not get a lease (bsc#1193629). * cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629). * cifs: split out smb3_use_rdma_offload() helper (bsc#1193629). * cifs: update ip_addr for ses only for primary chan setup (bsc#1193629). * cifs: use tcon allocation functions even for dummy tcon (git-fixes). * cifs: use the least loaded channel for sending requests (bsc#1193629). * clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes). * clk: imx: avoid memory leak (git-fixes). * clk: mxl: Add option to override gate clks (git-fixes). * clk: mxl: Fix a clk entry by adding relevant flags (git-fixes). * clk: mxl: Remove redundant spinlocks (git-fixes). * clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git- fixes). * clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes). * clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes). * clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git- fixes). * clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes). * clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes). * clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes). * comedi: use menuconfig for main Comedi menu (git-fixes). * crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git- fixes). * crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes). * crypto: crypto4xx - Call dma_unmap_page when done (git-fixes). * crypto: essiv - Handle EBUSY correctly (git-fixes). * crypto: qat - fix out-of-bounds read (git-fixes). * crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes). * crypto: seqiv - Handle EBUSY correctly (git-fixes). * crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes). * crypto: xts - Handle EBUSY correctly (git-fixes). * dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes). * dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes). * dmaengine: dw-edma: Drop chancnt initialization (git-fixes). * dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes). * dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git- fixes). * dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes). * dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes). * dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git- fixes). * docs: ftrace: fix a issue with duplicated subtitle number (git-fixes). * docs: gdbmacros: print newest record (git-fixes). * documentation: simplify and clarify DCO contribution example language (git- fixes). * driver core: fix potential null-ptr-deref in device_add() (git-fixes). * driver core: fix resource leak in device_add() (git-fixes). * driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git- fixes). * drivers: base: transport_class: fix possible memory leak (git-fixes). * drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes). * drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes). * drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git- fixes). * drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes). * drm/bridge: lt8912b: Add hot plug detection (git-fixes). * drm/bridge: lt9611: fix HPD reenablement (git-fixes). * drm/bridge: lt9611: fix clock calculation (git-fixes). * drm/bridge: lt9611: fix polarity programming (git-fixes). * drm/bridge: lt9611: fix programming of video modes (git-fixes). * drm/bridge: lt9611: fix sleep mode setup (git-fixes). * drm/bridge: lt9611: pass a pointer to the of node (git-fixes). * drm/bridge: megachips: Fix error handling in i2c_register_driver() (git- fixes). * drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes). * drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes). * drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes). * drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes). * drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git- fixes). * drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes). * drm/mediatek: Clean dangling pointer on bind error path (git-fixes). * drm/mediatek: Drop unbalanced obj unref (git-fixes). * drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes). * drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git- fixes). * drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes). * drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes). * drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes). * drm/msm/dpu: Add check for cstate (git-fixes). * drm/msm/dpu: Add check for pstates (git-fixes). * drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes). * drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes). * drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes). * drm/msm/gem: Add check for kmalloc (git-fixes). * drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes). * drm/msm/mdp5: Add check for kzalloc (git-fixes). * drm/msm: clean event_thread->worker in case of an error (git-fixes). * drm/msm: use strscpy instead of strncpy (git-fixes). * drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git- fixes). * drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes). * drm/vc4: hdmi: Correct interlaced timings again (git-fixes). * drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes). * drm/vc4: hvs: Set AXI panic modes (git-fixes). * drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes). * drm/vkms: Fix memory leak in vkms_init() (git-fixes). * drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes). * drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git- fixes). * drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes). * drm: tidss: Fix pixel format definition (git-fixes). * dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes). * dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes). * dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes). * dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git- fixes). * dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git- fixes). * dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes). * dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes). * eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes). * firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes). * firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git- fixes). * firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes). * fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759). * gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes). * gpio: vf610: connect GPIO label to dev name (git-fixes). * gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes). * gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes). * hid: asus: use spinlock to protect concurrent accesses (git-fixes). * hid: asus: use spinlock to safely schedule workers (git-fixes). * hid: bigben: use spinlock to protect concurrent accesses (git-fixes). * hid: bigben: use spinlock to safely schedule workers (git-fixes). * hid: bigben_probe(): validate report count (git-fixes). * hid: bigben_worker() remove unneeded check on report_field (git-fixes). * hid: core: Fix deadloop in hid_apply_multiplier (git-fixes). * hid: elecom: add support for TrackBall 056E:011C (git-fixes). * hv: fix comment typo in vmbus_channel/low_latency (git-fixes). * hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes). * hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes). * hwmon: (ftsteutates) Fix scaling of measurements (git-fixes). * hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes). * hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes). * i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes). * iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes). * input: ads7846 - always set last command to PWRDOWN (git-fixes). * input: ads7846 - do not check penirq immediately for 7845 (git-fixes). * input: ads7846 - do not report pressure for ads7845 (git-fixes). * input: iqs269a - configure device with a single block write (git-fixes). * input: iqs269a - drop unused device node references (git-fixes). * input: iqs269a - increase interrupt handler return delay (git-fixes). * input: iqs626a - drop unused device node references (git-fixes). * iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes). * irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes) * kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes). * kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes). * kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544). * kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi). * kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too. * leds: led-class: Add missing put_device() to led_put() (git-fixes). * leds: led-core: Fix refcount leak in of_led_get() (git-fixes). * lib/mpi: Fix buffer overrun when SG is too long (git-fixes). * lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git- fixes). * locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270). * locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270). * locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270). * locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270). * locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270). * locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270). * locking/rwsem: Make handoff bit handling more consistent (bsc#1207270). * locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270). * locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270). * locking: Add missing __sched attributes (bsc#1207270). * media: coda: Add check for dcoda_iram_alloc (git-fixes). * media: coda: Add check for kmalloc (git-fixes). * media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes). * media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes). * media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes). * media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes). * media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes). * media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes). * media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes). * media: platform: ti: Add missing check for devm_regulator_get (git-fixes). * media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes). * media: saa7134: Use video_unregister_device for radio_dev (git-fixes). * media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes). * media: usb: siano: Fix use after free bugs caused by do_submit_urb (git- fixes). * media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes). * media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git- fixes). * media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes). * mfd: cs5535: Do not build on UML (git-fixes). * mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git- fixes). * misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes). * misc: enclosure: Fix doc for enclosure_find() (git-fixes). * mmc: jz4740: Work around bug on JZ4760(B) (git-fixes). * mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes). * mmc: sdio: fix possible resource leaks in some error paths (git-fixes). * move upstreamed i915 and media fixes into sorted section * mtd: dataflash: remove duplicate SPI ID table (git-fixes). * mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes). * mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes). * mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes). * mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes). * mtd: spi-nor: core: fix implicit declaration warning (git-fixes). * mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes). * mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes). * net/rose: Fix to not accept on connected socket (git-fixes). * net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git- fixes). * nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes). * nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes). * nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes). * nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git- fixes). * nfs: Further optimisations for 'ls -l' (git-fixes). * nfs: nfs4clinet: check the return value of kstrdup() (git-fixes). * nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes). * nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes). * nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes). * nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git- fixes). * nfsv3: handle out-of-order write replies (bsc#1205544). * nfsv4 expose nfs_parse_server_name function (git-fixes). * nfsv4 handle port presence in fs_location server string (git-fixes). * nfsv4 only print the label when its queried (git-fixes). * nfsv4 remove zero number of fs_locations entries error check (git-fixes). * nfsv4 store server support for fs_location attribute (git-fixes). * nfsv4.1 query for fs_location attr on a new file system (git-fixes). * nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes). * nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes). * nfsv4: Protect the state recovery thread against direct reclaim (git-fixes). * nvme-auth: check chap ctrl_key once constructed (bsc#1202633). * nvme-auth: clear sensitive info right after authentication completes (bsc#1202633). * nvme-auth: convert dhchap_auth_list to an array (bsc#1202633). * nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633). * nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633). * nvme-auth: do not override ctrl keys before validation (bsc#1202633). * nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633). * nvme-auth: do not use NVMe status codes (bsc#1202633). * nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633). * nvme-auth: fix smatch warning complaints (bsc#1202633). * nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633). * nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633). * nvme-auth: mark nvme_auth_wq static (bsc#1202633). * nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633). * nvme-auth: remove redundant auth_work flush (bsc#1202633). * nvme-auth: remove redundant buffer deallocations (bsc#1202633). * nvme-auth: remove redundant deallocations (bsc#1202633). * nvme-auth: remove redundant if statement (bsc#1202633). * nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633). * nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633). * nvme-auth: rename authentication work elements (bsc#1202633). * nvme-auth: use workqueue dedicated to authentication (bsc#1202633). * nvme-fabrics: show well known discovery name (bsc#1200054). * ocfs2: Fix data corruption after failed write (bsc#1208542). * pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes). * pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes). * pci: Fix dropping valid root bus resources with .end = zero (git-fixes). * pci: hotplug: Allow marking devices as disconnected during bind/unbind (git- fixes). * pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes). * pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes). * phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes). * pinctrl: mediatek: Initialize variable *buf to zero (git-fixes). * pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git- fixes). * pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git- fixes). * pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes). * platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420). * platform/x86: amd-pmc: Correct usage of SMU version (git-fixes). * platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes). * platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git- fixes). * platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes). * platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git- fixes). * powercap: fix possible name leak in powercap_register_zone() (git-fixes). * powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612). * printf: fix errname.c list (git-fixes). * qede: avoid uninitialized entries in coal_entry array (bsc#1205846). * qede: fix interrupt coalescing configuration (bsc#1205846). * refresh patches.suse/ice-clear-stale-Tx-queue-settings-before- configuring.patch. Fix bug introduced by broken backport (bsc#1208628). * remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes). * remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes). * revert "char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol" (git-fixes). * revert "crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete" (git-fixes). * revert "hid: logitech-hidpp: add a module parameter to keep firmware gestures" (git-fixes). * revert "usb: dwc3: qcom: Keep power domain on to retain controller status" (git-fixes). * rtc: allow rtc_read_alarm without read_alarm callback (git-fixes). * rtc: pm8xxx: fix set-alarm race (git-fixes). * rtc: sun6i: Always export the internal oscillator (git-fixes). * s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes). * scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607). * scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607). * scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607). * scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607). * scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607). * scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607). * scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534). * scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607). * scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607). * scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607). * scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607). * scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607). * scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). * scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570). * scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570). * scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570). * scsi: qla2xxx: Fix erroneous link down (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570). * scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570). * scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570). * scsi: qla2xxx: Fix printk() format string (bsc#1208570). * scsi: qla2xxx: Fix stalled login (bsc#1208570). * scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570). * scsi: qla2xxx: Relocate/rename vp map (bsc#1208570). * scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570). * scsi: qla2xxx: Remove dead code (bsc#1208570). * scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570). * scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570). * scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570). * scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570). * scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570). * scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570). * scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570). * scsi: qla2xxx: edif: Fix clang warning (bsc#1208570). * scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570). * scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570). * scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570). * sefltests: netdevsim: wait for devlink instance after netns removal (git- fixes). * selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git- fixes). * selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103). * selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103). * selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232). * selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232). * selftests/powerpc: Move perror closer to its use (bsc#1206232). * serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes). * serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes). * smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629). * soundwire: cadence: Do not overflow the command FIFOs (git-fixes). * spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes). * spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git- fixes). * spi: tegra210-quad: Fix validate combined sequence (git-fixes). * staging: mt7621-dts: change palmbus address to lower case (git-fixes). * struct uvc_device move flush_status new member to end (git-fixes). * sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git- fixes). * sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git- fixes). * sunrpc: Fix socket waits for write buffer space (git-fixes). * thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes). * thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes). * thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes). * thermal/drivers/tsens: fix slope values for msm8939 (git-fixes). * thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes). * thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git- fixes). * thermal: intel: powerclamp: Fix cur_state for multi package system (git- fixes). * thermal: intel: quark_dts: fix error pointer dereference (git-fixes). * tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git- fixes). * tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes). * tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git- fixes). * tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git- fixes). * update internal module version number for cifs.ko (bsc#1193629). * usb: core: Do not hold device lock while reading the "descriptors" sysfs file (git-fixes). * usb: dwc3: core: Host wake up support from system suspend (git-fixes). * usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes). * usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes). * usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes). * usb: dwc3: qcom: Keep power domain on to retain controller status (git- fixes). * usb: dwc3: qcom: clean up icc init (git-fixes). * usb: dwc3: qcom: clean up suspend callbacks (git-fixes). * usb: dwc3: qcom: fix gadget-only builds (git-fixes). * usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes). * usb: dwc3: qcom: fix wakeup implementation (git-fixes). * usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes). * usb: dwc3: qcom: suppress unused-variable warning (git-fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes). * usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes). * usb: max-3421: Fix setting of I/O pins (git-fixes). * usb: musb: Add and use inline function musb_otg_state_string (git-fixes). * usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes). * usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes). * usb: musb: remove schedule work called after flush (git-fixes). * usb: serial: option: add support for VW/Skoda "Carstick LTE" (git-fixes). * vc_screen: do not clobber return value in vcs_read (git-fixes). * vc_screen: modify vcs_size() handling in vcs_read() (git-fixes). * vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes). * vfs: filename_create(): fix incorrect intent (bsc#1197534). * virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449). * virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449). * virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449). * virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449). * virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449). * virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449). * vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes). * vmxnet3: move rss code block under eop descriptor (bsc#1208212). * watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes). * watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes). * watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git- fixes). * watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes). * wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes). * wifi: ath11k: allow system suspend to survive ath11k (git-fixes). * wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes). * wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes). * wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git- fixes). * wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes). * wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes). * wifi: cfg80211: Fix use after free for wext (git-fixes). * wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes). * wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: iwl3945: Add missing check for create_singlethread_workqueue (git- fixes). * wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git- fixes). * wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes). * wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes). * wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes). * wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git- fixes). * wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes). * wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes). * wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes). * wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git- fixes). * wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes). * wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). * wifi: rtw89: Add missing check for alloc_workqueue (git-fixes). * wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes). * wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git- fixes). * x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes). * x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes). * x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes). * xen-netfront: Fix NULL sring after live migration (git-fixes). * xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes). * xen/arm: Fix race in RB-tree based P2M accounting (git-fixes) * xen/netback: do some code cleanup (git-fixes). * xen/netback: fix build warning (git-fixes). * xen/netfront: destroy queues before real_num_tx_queues is zeroed (git- fixes). * xen/platform-pci: add missing free_irq() in error path (git-fixes). * xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-749=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-749=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-749=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-749=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-749=1 * SUSE Real Time Module 15-SP4 zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-749=1 ## Package List: * openSUSE Leap Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * openSUSE Leap Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (x86_64) * kernel-syms-rt-5.14.21-150400.15.14.1 * cluster-md-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-devel-5.14.21-150400.15.14.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.14.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-5.14.21-150400.15.14.2 * dlm-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * gfs2-kmp-rt-5.14.21-150400.15.14.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.14.2 * kernel-rt-5.14.21-150400.15.14.2 * openSUSE Leap 15.4 (noarch) * kernel-devel-rt-5.14.21-150400.15.14.2 * kernel-source-rt-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro 5.3 (nosrc x86_64) * kernel-rt-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Micro 5.3 (x86_64) * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_4-debugsource-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_14-rt-debuginfo-1-150400.1.3.1 * kernel-livepatch-5_14_21-150400_15_14-rt-1-150400.1.3.1 * SUSE Real Time Module 15-SP4 (x86_64) * kernel-syms-rt-5.14.21-150400.15.14.1 * cluster-md-kmp-rt-5.14.21-150400.15.14.2 * kernel-rt-devel-5.14.21-150400.15.14.2 * kernel-rt-devel-debuginfo-5.14.21-150400.15.14.2 * dlm-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-5.14.21-150400.15.14.2 * dlm-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-5.14.21-150400.15.14.2 * ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * gfs2-kmp-rt-5.14.21-150400.15.14.2 * gfs2-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt-debugsource-5.14.21-150400.15.14.2 * kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debugsource-5.14.21-150400.15.14.2 * cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.14.2 * kernel-rt_debug-debuginfo-5.14.21-150400.15.14.2 * SUSE Real Time Module 15-SP4 (noarch) * kernel-devel-rt-5.14.21-150400.15.14.2 * kernel-source-rt-5.14.21-150400.15.14.2 * SUSE Real Time Module 15-SP4 (nosrc x86_64) * kernel-rt_debug-5.14.21-150400.15.14.2 * kernel-rt-5.14.21-150400.15.14.2 ## References: * https://www.suse.com/security/cve/CVE-2022-3523.html * https://www.suse.com/security/cve/CVE-2022-38096.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-0597.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-22995.html * https://www.suse.com/security/cve/CVE-2023-22998.html * https://www.suse.com/security/cve/CVE-2023-23000.html * https://www.suse.com/security/cve/CVE-2023-23004.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-25012.html * https://www.suse.com/security/cve/CVE-2023-26545.html * https://bugzilla.suse.com/show_bug.cgi?id=1177529 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1197534 * https://bugzilla.suse.com/show_bug.cgi?id=1198438 * https://bugzilla.suse.com/show_bug.cgi?id=1200054 * https://bugzilla.suse.com/show_bug.cgi?id=1202633 * https://bugzilla.suse.com/show_bug.cgi?id=1203331 * https://bugzilla.suse.com/show_bug.cgi?id=1204363 * https://bugzilla.suse.com/show_bug.cgi?id=1204993 * https://bugzilla.suse.com/show_bug.cgi?id=1205544 * https://bugzilla.suse.com/show_bug.cgi?id=1205846 * https://bugzilla.suse.com/show_bug.cgi?id=1206103 * https://bugzilla.suse.com/show_bug.cgi?id=1206232 * https://bugzilla.suse.com/show_bug.cgi?id=1206935 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207270 * https://bugzilla.suse.com/show_bug.cgi?id=1207560 * https://bugzilla.suse.com/show_bug.cgi?id=1207845 * https://bugzilla.suse.com/show_bug.cgi?id=1207846 * https://bugzilla.suse.com/show_bug.cgi?id=1208212 * https://bugzilla.suse.com/show_bug.cgi?id=1208420 * https://bugzilla.suse.com/show_bug.cgi?id=1208449 * https://bugzilla.suse.com/show_bug.cgi?id=1208534 * https://bugzilla.suse.com/show_bug.cgi?id=1208541 * https://bugzilla.suse.com/show_bug.cgi?id=1208542 * https://bugzilla.suse.com/show_bug.cgi?id=1208570 * https://bugzilla.suse.com/show_bug.cgi?id=1208607 * https://bugzilla.suse.com/show_bug.cgi?id=1208628 * https://bugzilla.suse.com/show_bug.cgi?id=1208700 * https://bugzilla.suse.com/show_bug.cgi?id=1208741 * https://bugzilla.suse.com/show_bug.cgi?id=1208759 * https://bugzilla.suse.com/show_bug.cgi?id=1208776 * https://bugzilla.suse.com/show_bug.cgi?id=1208784 * https://bugzilla.suse.com/show_bug.cgi?id=1208787 * https://bugzilla.suse.com/show_bug.cgi?id=1208816 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1208843 * https://bugzilla.suse.com/show_bug.cgi?id=1209188 * https://bugzilla.suse.com/show_bug.cgi?id=1209436 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 12:31:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 12:31:15 -0000 Subject: SUSE-SU-2023:0305-2: important: Security update for openssl-1_0_0 Message-ID: <168605467505.30841.7012539661040468515@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:0305 Rating: important References: * #1207533 * #1207534 * #1207536 Cross-References: * CVE-2022-4304 * CVE-2023-0215 * CVE-2023-0286 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-0215 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0215 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-0286 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2023-0286 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: * Legacy Module 15-SP4 * openSUSE Leap 15.4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). * CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). * CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-305=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-305=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-305=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-305=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-305=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-305=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-305=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-305=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-305=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-305=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-305=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-305=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE CaaS Platform 4.0 (x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-steam-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-cavs-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.65.1 * libopenssl1_0_0-steam-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * openssl-1_0_0-cavs-debuginfo-1.0.2p-150000.3.65.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_0_0-32bit-1.0.2p-150000.3.65.1 * libopenssl1_0_0-steam-32bit-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-32bit-1.0.2p-150000.3.65.1 * libopenssl1_0_0-steam-32bit-1.0.2p-150000.3.65.1 * libopenssl1_0_0-32bit-debuginfo-1.0.2p-150000.3.65.1 * openSUSE Leap 15.4 (noarch) * openssl-1_0_0-doc-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-hmac-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * openssl-1_0_0-debugsource-1.0.2p-150000.3.65.1 * libopenssl1_0_0-debuginfo-1.0.2p-150000.3.65.1 * openssl-1_0_0-debuginfo-1.0.2p-150000.3.65.1 * libopenssl10-1.0.2p-150000.3.65.1 * openssl-1_0_0-1.0.2p-150000.3.65.1 * libopenssl10-debuginfo-1.0.2p-150000.3.65.1 * libopenssl1_0_0-1.0.2p-150000.3.65.1 * libopenssl-1_0_0-devel-1.0.2p-150000.3.65.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://www.suse.com/security/cve/CVE-2023-0215.html * https://www.suse.com/security/cve/CVE-2023-0286.html * https://bugzilla.suse.com/show_bug.cgi?id=1207533 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 * https://bugzilla.suse.com/show_bug.cgi?id=1207536 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:16 -0000 Subject: SUSE-SU-2023:2416-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Message-ID: <168606901653.31623.8903326622027066460@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2416 Rating: important References: * #1208911 * #1209683 * #1210417 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-28464 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_109 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1872: Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210417). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2416=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-5-150300.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:19 -0000 Subject: SUSE-SU-2023:2415-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Message-ID: <168606901966.31623.11284245016108541932@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2415 Rating: important References: * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_147 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2415=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_147-default-4-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:21 -0000 Subject: SUSE-SU-2023:2413-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Message-ID: <168606902157.31623.1153114764950139277@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2413 Rating: important References: * #1207188 Cross-References: * CVE-2023-23454 CVSS scores: * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_151 fixes one issue. The following security issue was fixed: * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2413=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_36-debugsource-2-150200.2.3 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-2-150200.2.3 * kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:23 -0000 Subject: SUSE-SU-2023:2401-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Message-ID: <168606902389.31623.4508077200198208593@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2401 Rating: important References: * #1207188 * #1210417 * #1210500 * #1210662 Cross-References: * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 CVSS scores: * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_148 fixes several issues. The following security issues were fixed: * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1872: Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210417). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2401=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2419=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_35-debugsource-2-150200.2.3 * kernel-livepatch-5_3_18-150200_24_148-default-2-150200.2.3 * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-2-150200.2.3 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-2-150300.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:26 -0000 Subject: SUSE-SU-2023:2420-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Message-ID: <168606902644.31623.9318409048359754439@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2420 Rating: important References: * #1207188 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2421=1 SUSE-SLE-Live- Patching-12-SP4-2023-2398=1 SUSE-SLE-Live-Patching-12-SP4-2023-2411=1 SUSE-SLE- Live-Patching-12-SP4-2023-2400=1 SUSE-SLE-Live-Patching-12-SP4-2023-2404=1 SUSE- SLE-Live-Patching-12-SP4-2023-2420=1 SUSE-SLE-Live-Patching-12-SP4-2023-2403=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_108-default-8-2.2 * kgraft-patch-4_12_14-95_114-default-5-2.2 * kgraft-patch-4_12_14-95_105-default-10-2.2 * kgraft-patch-4_12_14-95_111-default-7-2.2 * kgraft-patch-4_12_14-95_102-default-10-2.2 * kgraft-patch-4_12_14-95_120-default-3-2.2 * kgraft-patch-4_12_14-95_117-default-4-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:30 -0000 Subject: SUSE-SU-2023:2405-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Message-ID: <168606903017.31623.3322037495625529136@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2405 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210417 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1872: Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210417). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2405=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-2406=1 SUSE-SLE-Module-Live- Patching-15-SP2-2023-2396=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-2407=1 SUSE-SLE-Module-Live-Patching-15-SP2-2023-2397=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2402=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-2408=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-2409=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2410=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2414=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-2417=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2418=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_29-debugsource-11-150200.2.3 * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-11-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_30-debugsource-8-150200.2.3 * kernel-livepatch-5_3_18-150200_24_145-default-3-150200.2.3 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-3-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_31-debugsource-8-150200.2.3 * kernel-livepatch-5_3_18-150200_24_142-default-4-150200.2.3 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-4-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_34-debugsource-3-150200.2.3 * kernel-livepatch-5_3_18-150200_24_129-default-8-150200.2.3 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-8-150200.2.3 * kernel-livepatch-5_3_18-150200_24_126-default-11-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-4-150200.2.3 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-8-150200.2.3 * kernel-livepatch-5_3_18-150200_24_134-default-8-150200.2.3 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_101-default-7-150300.2.3 * kernel-livepatch-5_3_18-150300_59_112-default-4-150300.2.3 * kernel-livepatch-5_3_18-150300_59_98-default-8-150300.2.3 * kernel-livepatch-5_3_18-150300_59_71-default-14-150300.2.3 * kernel-livepatch-5_3_18-150300_59_115-default-3-150300.2.3 * kernel-livepatch-5_3_18-150300_59_106-default-5-150300.2.3 * kernel-livepatch-5_3_18-150300_59_93-default-10-150300.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:32 -0000 Subject: SUSE-SU-2023:2395-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Message-ID: <168606903225.31623.4814273839448319466@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2395 Rating: important References: * #1210500 * #1210662 Cross-References: * CVE-2023-1989 * CVE-2023-2162 CVSS scores: * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_156 fixes several issues. The following security issues were fixed: * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2395=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_156-default-2-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 16:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 16:30:35 -0000 Subject: SUSE-SU-2023:2399-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Message-ID: <168606903530.31623.6928603558079319913@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2399 Rating: important References: * #1207188 * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_130 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2394=1 SUSE-SLE-Live- Patching-12-SP5-2023-2412=1 SUSE-SLE-Live-Patching-12-SP5-2023-2399=1 SUSE-SLE- Live-Patching-12-SP5-2023-2393=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_130-default-10-2.2 * kgraft-patch-4_12_14-122_150-default-4-2.2 * kgraft-patch-4_12_14-122_133-default-8-2.2 * kgraft-patch-4_12_14-122_153-default-2-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2425-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Message-ID: <168608340492.17437.10338474563693300904@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2425 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2425=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-2426=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_1-debugsource-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_18-default-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_11-default-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-11-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-11-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 20:30:08 -0000 Subject: SUSE-SU-2023:2423-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Message-ID: <168608340852.17437.6012762119962174965@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2423 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210417 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1872: Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210417). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2424=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-2427=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-2423=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_87-default-12-150300.2.2 * kernel-livepatch-5_3_18-150300_59_90-default-11-150300.2.3 * kernel-livepatch-5_3_18-150300_59_76-default-13-150300.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 6 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 06 Jun 2023 20:30:11 -0000 Subject: SUSE-SU-2023:2422-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Message-ID: <168608341120.17437.656238970268281024@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2422 Rating: important References: * #1207188 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_99 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2422=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_99-default-12-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2431-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4) Message-ID: <168612660374.20988.13277177294984813016@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2431 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_38 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2431=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_6-debugsource-6-150400.2.3 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-6-150400.2.3 * kernel-livepatch-5_14_21-150400_24_38-default-6-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2429-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4) Message-ID: <168612660580.20988.14686742621165817738@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2429 Rating: important References: * #1207188 Cross-References: * CVE-2023-23454 CVSS scores: * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_63 fixes one issue. The following security issue was fixed: * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2429=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_12-debugsource-2-150400.2.3 * kernel-livepatch-5_14_21-150400_24_63-default-2-150400.2.3 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-2-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:08 -0000 Subject: SUSE-SU-2023:2428-1: important: Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4) Message-ID: <168612660801.20988.9591678743506127007@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2428 Rating: important References: * #1207188 * #1210499 * #1210662 Cross-References: * CVE-2023-0386 * CVE-2023-2162 * CVE-2023-23454 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_60 fixes several issues. The following security issues were fixed: * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2428=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_11-debugsource-2-150400.2.3 * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-2-150400.2.3 * kernel-livepatch-5_14_21-150400_24_60-default-2-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:10 -0000 Subject: SUSE-RU-2023:2438-1: moderate: Recommended update for kernel-firmware Message-ID: <168612661096.20988.11088555061206415664@smelt2.suse.de> # Recommended update for kernel-firmware Announcement ID: SUSE-RU-2023:2438 Rating: moderate References: * #1205811 * #1209601 * #1209681 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature and has three recommended fixes can now be installed. ## Description: This update for kernel-firmware fixes the following issues: * Add firmware for QAT 4xxx (jsc#PED-3699, bsc#1209601) * Add iwlwifi-*-72 ucode (bsc#1209681) * Update constraints for 8GB (bsc#1205811) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2438=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2438=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2438=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2438=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2438=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2438=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2438=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * openSUSE Leap 15.4 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * kernel-firmware-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 * Basesystem Module 15-SP4 (noarch) * kernel-firmware-marvell-20220509-150400.4.16.1 * kernel-firmware-mellanox-20220509-150400.4.16.1 * kernel-firmware-ath11k-20220509-150400.4.16.1 * kernel-firmware-dpaa2-20220509-150400.4.16.1 * kernel-firmware-chelsio-20220509-150400.4.16.1 * kernel-firmware-liquidio-20220509-150400.4.16.1 * kernel-firmware-platform-20220509-150400.4.16.1 * kernel-firmware-nvidia-20220509-150400.4.16.1 * kernel-firmware-ath10k-20220509-150400.4.16.1 * kernel-firmware-bnx2-20220509-150400.4.16.1 * kernel-firmware-radeon-20220509-150400.4.16.1 * kernel-firmware-atheros-20220509-150400.4.16.1 * kernel-firmware-qlogic-20220509-150400.4.16.1 * kernel-firmware-mwifiex-20220509-150400.4.16.1 * ucode-amd-20220509-150400.4.16.1 * kernel-firmware-sound-20220509-150400.4.16.1 * kernel-firmware-intel-20220509-150400.4.16.1 * kernel-firmware-nfp-20220509-150400.4.16.1 * kernel-firmware-usb-network-20220509-150400.4.16.1 * kernel-firmware-iwlwifi-20220509-150400.4.16.1 * kernel-firmware-brcm-20220509-150400.4.16.1 * kernel-firmware-qcom-20220509-150400.4.16.1 * kernel-firmware-bluetooth-20220509-150400.4.16.1 * kernel-firmware-realtek-20220509-150400.4.16.1 * kernel-firmware-ti-20220509-150400.4.16.1 * kernel-firmware-network-20220509-150400.4.16.1 * kernel-firmware-amdgpu-20220509-150400.4.16.1 * kernel-firmware-ueagle-20220509-150400.4.16.1 * kernel-firmware-all-20220509-150400.4.16.1 * kernel-firmware-mediatek-20220509-150400.4.16.1 * kernel-firmware-media-20220509-150400.4.16.1 * kernel-firmware-serial-20220509-150400.4.16.1 * kernel-firmware-prestera-20220509-150400.4.16.1 * kernel-firmware-i915-20220509-150400.4.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205811 * https://bugzilla.suse.com/show_bug.cgi?id=1209601 * https://bugzilla.suse.com/show_bug.cgi?id=1209681 * https://jira.suse.com/browse/PED-3699 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:12 -0000 Subject: SUSE-RU-2023:2437-1: moderate: Recommended update for hplip Message-ID: <168612661244.20988.18175360432174862752@smelt2.suse.de> # Recommended update for hplip Announcement ID: SUSE-RU-2023:2437 Rating: moderate References: * #1209866 Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for hplip fixes the following issues: * Fix printer attribute handling which could provoke a buffer overflow if CUPS returned a printer with too large `name/location/uri/etc` (bsc#1209866) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2437=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2437=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2437=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * hplip-scan-utils-3.21.10-150400.3.8.1 * hplip-sane-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.8.1 * hplip-sane-debuginfo-3.21.10-150400.3.8.1 * hplip-hpijs-3.21.10-150400.3.8.1 * hplip-3.21.10-150400.3.8.1 * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-devel-3.21.10-150400.3.8.1 * hplip-scan-utils-debuginfo-3.21.10-150400.3.8.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * hplip-sane-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-hpijs-debuginfo-3.21.10-150400.3.8.1 * hplip-sane-debuginfo-3.21.10-150400.3.8.1 * hplip-hpijs-3.21.10-150400.3.8.1 * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-devel-3.21.10-150400.3.8.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * hplip-debuginfo-3.21.10-150400.3.8.1 * hplip-debugsource-3.21.10-150400.3.8.1 * hplip-3.21.10-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209866 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:13 -0000 Subject: SUSE-OU-2023:2436-1: low: Optional update for tagsoup Message-ID: <168612661344.20988.16445621817113541131@smelt2.suse.de> # Optional update for tagsoup Announcement ID: SUSE-OU-2023:2436 Rating: low References: Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 An update that contains one feature can now be installed. ## Description: This update for tagsoup fixes the following issues: * Fix some build issues when building for SUSE Linux Enterprise 12 (no impact on SUSE Linux Enterprise 15) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2436=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2436=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2436=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2436=1 ## Package List: * openSUSE Leap 15.4 (noarch) * tagsoup-javadoc-1.2.1-150200.10.7.1 * tagsoup-1.2.1-150200.10.7.1 * SUSE Package Hub 15 15-SP4 (noarch) * tagsoup-javadoc-1.2.1-150200.10.7.1 * tagsoup-1.2.1-150200.10.7.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * tagsoup-1.2.1-150200.10.7.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (noarch) * tagsoup-1.2.1-150200.10.7.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:15 -0000 Subject: SUSE-FU-2023:2434-1: moderate: Feature update for junit5, mojo-executor and mojo-parent Message-ID: <168612661552.20988.8679801726591252293@smelt2.suse.de> # Feature update for junit5, mojo-executor and mojo-parent Announcement ID: SUSE-FU-2023:2434 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for junit5, mojo-executor and mojo-parent fixes the following issues: mojo-executor: * Version update from 2.3.1 to 2.4.0 (jsc#SLE-23217): * Dependencies provided by Maven have been moved to the provided scope where possible * The plexus-utils dependency must remain in the compile scope due to MNG-6965. It has been updated to version 3.0.24 to avoid spurious security vulnerability notifications due to this dependency. mojo-parent: * Version update from 60 to 70 (jsc#SLE-23217): * Improvement checkstyle configuration * Add modello-maven-plugin to pluginManagement * Remove Google search box due to privacy * Put version for mrm-maven-plugin in property * Add streamLogsOnFailures to m-invoker-p * Add property for maven-fluido-skin version * Setup Apache Matomo analytics * Downgrade Checkstyle to 9.3. 10.x requires Java 11 * remove requirement to use ssh for github scm devCon * Require Maven 3.2.5 * Add SHA-512 hashes * Extract plugin version as variable so child pom can override if needed * remove issue-tracking as do not exists anymore * remove cim report as it do not exists anymore junit5: * Deliver junit5-bom to openSUSE Leap 15.4 as it is a required dependency for mojo-parent (no source changes) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2434=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2434=1 ## Package List: * openSUSE Leap 15.4 (noarch) * junit5-bom-5.8.2-150200.3.6.1 * junit5-guide-5.8.2-150200.3.6.1 * mojo-executor-2.4.0-150200.3.3.12 * mojo-executor-javadoc-2.4.0-150200.3.3.12 * mojo-parent-70-150200.3.7.1 * junit5-5.8.2-150200.3.6.1 * junit5-javadoc-5.8.2-150200.3.6.1 * openSUSE Leap 15.5 (noarch) * junit5-bom-5.8.2-150200.3.6.1 * junit5-guide-5.8.2-150200.3.6.1 * mojo-executor-2.4.0-150200.3.3.12 * mojo-executor-javadoc-2.4.0-150200.3.3.12 * mojo-parent-70-150200.3.7.1 * junit5-5.8.2-150200.3.6.1 * junit5-javadoc-5.8.2-150200.3.6.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:14 -0000 Subject: SUSE-RU-2023:2435-1: low: Recommended update for reflectasm Message-ID: <168612661451.20988.8319506877351620548@smelt2.suse.de> # Recommended update for reflectasm Announcement ID: SUSE-RU-2023:2435 Rating: low References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for reflectasm fixes the following issues: * Include clarification in the license (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2435=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2435=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2435=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2435=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2435=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2435=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2435=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2435=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2435=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2435=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2435=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2435=1 ## Package List: * openSUSE Leap 15.4 (noarch) * reflectasm-javadoc-1.11.1-150200.3.7.11 * reflectasm-1.11.1-150200.3.7.11 * Development Tools Module 15-SP4 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Enterprise Storage 7.1 (noarch) * reflectasm-1.11.1-150200.3.7.11 * SUSE Enterprise Storage 7 (noarch) * reflectasm-1.11.1-150200.3.7.11 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:16 -0000 Subject: SUSE-RU-2023:2433-1: moderate: Recommended update for picocli Message-ID: <168612661650.20988.14246618023660522957@smelt2.suse.de> # Recommended update for picocli Announcement ID: SUSE-RU-2023:2433 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for picocli fixes the following issues: * Build picocli using ant to avoid cycles (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2433=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2433=1 ## Package List: * openSUSE Leap 15.4 (noarch) * picocli-javadoc-4.6.2-150200.3.8.1 * picocli-4.6.2-150200.3.8.1 * openSUSE Leap 15.5 (noarch) * picocli-javadoc-4.6.2-150200.3.8.1 * picocli-4.6.2-150200.3.8.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:18 -0000 Subject: SUSE-RU-2023:2430-1: critical: Recommended update for supportutils-plugin-suse-public-cloud Message-ID: <168612661853.20988.16590326715101135053@smelt2.suse.de> # Recommended update for supportutils-plugin-suse-public-cloud Announcement ID: SUSE-RU-2023:2430 Rating: critical References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that contains one feature can now be installed. ## Description: This update for supportutils-plugin-suse-public-cloud fixes the following issues: * This update will be delivered to SLE Micro. (SMO-219) ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2430=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2430=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2430=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2430=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2430=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2430=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2430=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2430=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2430=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2430=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2430=1 ## Package List: * openSUSE Leap 15.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * openSUSE Leap 15.5 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * Public Cloud Module 15-SP1 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * Public Cloud Module 15-SP2 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * Public Cloud Module 15-SP3 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * Public Cloud Module 15-SP4 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 * Public Cloud Module 15-SP5 (noarch) * supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 ## References: * https://jira.suse.com/browse/SMO-219 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 08:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 08:30:17 -0000 Subject: SUSE-RU-2023:2432-1: moderate: Recommended update for mockito Message-ID: <168612661748.20988.8324769302486504358@smelt2.suse.de> # Recommended update for mockito Announcement ID: SUSE-RU-2023:2432 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for mockito fixes the following issues: * Build with Java 8 (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2432=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2432=1 ## Package List: * openSUSE Leap 15.4 (noarch) * mockito-1.10.19-150200.3.4.1 * mockito-javadoc-1.10.19-150200.3.4.1 * openSUSE Leap 15.5 (noarch) * mockito-1.10.19-150200.3.4.1 * mockito-javadoc-1.10.19-150200.3.4.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2443-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Message-ID: <168614100644.22755.12890945810179407862@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2443-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2443=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-7-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-7-150400.2.3 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-7-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:10 -0000 Subject: SUSE-SU-2023:2442-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Message-ID: <168614101031.22755.17691003922051165076@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2442-1 Rating: important References: * #1207188 * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_139 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2439=1 SUSE-SLE-Live- Patching-12-SP5-2023-2442=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_139-default-6-2.2 * kgraft-patch-4_12_14-122_144-default-5-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:13 -0000 Subject: SUSE-SU-2023:2445-1: important: Security update for google-cloud-sap-agent Message-ID: <168614101380.22755.15619735335004792802@smelt2.suse.de> # Security update for google-cloud-sap-agent Announcement ID: SUSE-SU-2023:2445-1 Rating: important References: * #1200441 * #1210464 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has two fixes can now be installed. ## Description: This update of google-cloud-sap-agent fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). * Update to version 1.5.1 (bsc#1210464) * Raise golang API version to 1.20 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2445=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2445=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2445=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2445=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2445=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2445=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1210464 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:16 -0000 Subject: SUSE-RU-2023:2444-1: moderate: Recommended update for resource-agents Message-ID: <168614101653.22755.4398836563804573630@smelt2.suse.de> # Recommended update for resource-agents Announcement ID: SUSE-RU-2023:2444-1 Rating: moderate References: * #1210433 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for resource-agents fixes the following issues: * "azure-events-az" errors with newer pacemaker with azure events active. (bsc#1210433) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2444=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2444=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.19.1 * ldirectord-4.10.0+git40.0f4de473-150400.3.19.1 * resource-agents-4.10.0+git40.0f4de473-150400.3.19.1 * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.19.1 * openSUSE Leap 15.4 (noarch) * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * resource-agents-debugsource-4.10.0+git40.0f4de473-150400.3.19.1 * ldirectord-4.10.0+git40.0f4de473-150400.3.19.1 * resource-agents-4.10.0+git40.0f4de473-150400.3.19.1 * resource-agents-debuginfo-4.10.0+git40.0f4de473-150400.3.19.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (noarch) * monitoring-plugins-metadata-4.10.0+git40.0f4de473-150400.3.19.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210433 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:18 -0000 Subject: SUSE-SU-2023:2441-1: important: Security update for MozillaFirefox Message-ID: <168614101834.22755.17819873915670897362@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2441-1 Rating: important References: * #1211922 Cross-References: * CVE-2023-34414 * CVE-2023-34416 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): * CVE-2023-34414: Click-jacking certificate exceptions through rendering lag * CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2441=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2441=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2441=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2441=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2441=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2441=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2441=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2441=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2441=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2441=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * MozillaFirefox-translations-common-102.12.0-112.162.1 * MozillaFirefox-debuginfo-102.12.0-112.162.1 * MozillaFirefox-devel-102.12.0-112.162.1 * MozillaFirefox-102.12.0-112.162.1 * MozillaFirefox-debugsource-102.12.0-112.162.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34414.html * https://www.suse.com/security/cve/CVE-2023-34416.html * https://bugzilla.suse.com/show_bug.cgi?id=1211922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 7 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 07 Jun 2023 12:30:20 -0000 Subject: SUSE-SU-2023:2440-1: important: Security update for MozillaFirefox Message-ID: <168614102026.22755.132272429891781815@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2440-1 Rating: important References: * #1211922 Cross-References: * CVE-2023-34414 * CVE-2023-34416 CVSS scores: Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): * CVE-2023-34414: Click-jacking certificate exceptions through rendering lag * CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2440=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2440=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2440=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.12.0-150000.150.88.1 * MozillaFirefox-102.12.0-150000.150.88.1 * MozillaFirefox-translations-common-102.12.0-150000.150.88.1 * MozillaFirefox-devel-102.12.0-150000.150.88.1 * MozillaFirefox-translations-other-102.12.0-150000.150.88.1 * MozillaFirefox-debuginfo-102.12.0-150000.150.88.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * MozillaFirefox-debugsource-102.12.0-150000.150.88.1 * MozillaFirefox-102.12.0-150000.150.88.1 * MozillaFirefox-translations-common-102.12.0-150000.150.88.1 * MozillaFirefox-devel-102.12.0-150000.150.88.1 * MozillaFirefox-translations-other-102.12.0-150000.150.88.1 * MozillaFirefox-debuginfo-102.12.0-150000.150.88.1 * SUSE CaaS Platform 4.0 (x86_64) * MozillaFirefox-debugsource-102.12.0-150000.150.88.1 * MozillaFirefox-102.12.0-150000.150.88.1 * MozillaFirefox-translations-common-102.12.0-150000.150.88.1 * MozillaFirefox-devel-102.12.0-150000.150.88.1 * MozillaFirefox-translations-other-102.12.0-150000.150.88.1 * MozillaFirefox-debuginfo-102.12.0-150000.150.88.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150000.150.88.1 * MozillaFirefox-102.12.0-150000.150.88.1 * MozillaFirefox-translations-common-102.12.0-150000.150.88.1 * MozillaFirefox-devel-102.12.0-150000.150.88.1 * MozillaFirefox-translations-other-102.12.0-150000.150.88.1 * MozillaFirefox-debuginfo-102.12.0-150000.150.88.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34414.html * https://www.suse.com/security/cve/CVE-2023-34416.html * https://bugzilla.suse.com/show_bug.cgi?id=1211922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2468-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Message-ID: <168621300558.4786.884836494497705367@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2468-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_22 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2468=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_22-default-14-150400.16.1 * kernel-livepatch-5_14_21-150400_22-default-debuginfo-14-150400.16.1 * kernel-livepatch-SLE15-SP4_Update_0-debugsource-14-150400.16.1 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:07 -0000 Subject: SUSE-SU-2023:2471-1: important: Security update for openssl1 Message-ID: <168621300745.4786.12128088149383904788@smelt2.suse.de> # Security update for openssl1 Announcement ID: SUSE-SU-2023:2471-1 Rating: important References: * #1201627 * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). * Update further expiring certificates that affect tests (bsc#1201627) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2471=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2471=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.67.1 * libopenssl1_0_0-1.0.1g-0.58.67.1 * openssl1-doc-1.0.1g-0.58.67.1 * openssl1-1.0.1g-0.58.67.1 * libopenssl1-devel-1.0.1g-0.58.67.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl1_0_0-32bit-1.0.1g-0.58.67.1 * libopenssl1_0_0-1.0.1g-0.58.67.1 * openssl1-doc-1.0.1g-0.58.67.1 * openssl1-1.0.1g-0.58.67.1 * libopenssl1-devel-1.0.1g-0.58.67.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:09 -0000 Subject: SUSE-SU-2023:2470-1: moderate: Security update for openssl-3 Message-ID: <168621300988.4786.17959152204206740023@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:2470-1 Rating: moderate References: * #1205476 * #1210714 * #1211430 Cross-References: * CVE-2022-40735 * CVE-2023-1255 * CVE-2023-2650 CVSS scores: * CVE-2022-40735 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1255 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1255 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves three vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * Update to version 3.0.8 (bsc#1207541). * CVE-2022-40735: Fixed remote trigger of expensive server-side DHE modular- exponentiation with long exponents in Diffie-Hellman Key Agreement Protocol (bsc#1205476). * CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). * CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2470=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2470=1 ## Package List: * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl-3-devel-3.0.8-150400.4.26.1 * libopenssl3-debuginfo-3.0.8-150400.4.26.1 * libopenssl3-3.0.8-150400.4.26.1 * openssl-3-debuginfo-3.0.8-150400.4.26.1 * openssl-3-3.0.8-150400.4.26.1 * openssl-3-debugsource-3.0.8-150400.4.26.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenssl-3-devel-3.0.8-150400.4.26.1 * libopenssl3-debuginfo-3.0.8-150400.4.26.1 * libopenssl3-3.0.8-150400.4.26.1 * openssl-3-debuginfo-3.0.8-150400.4.26.1 * openssl-3-3.0.8-150400.4.26.1 * openssl-3-debugsource-3.0.8-150400.4.26.1 * openSUSE Leap 15.4 (x86_64) * libopenssl3-32bit-3.0.8-150400.4.26.1 * libopenssl3-32bit-debuginfo-3.0.8-150400.4.26.1 * libopenssl-3-devel-32bit-3.0.8-150400.4.26.1 * openSUSE Leap 15.4 (noarch) * openssl-3-doc-3.0.8-150400.4.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-40735.html * https://www.suse.com/security/cve/CVE-2023-1255.html * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1205476 * https://bugzilla.suse.com/show_bug.cgi?id=1210714 * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:12 -0000 Subject: SUSE-SU-2023:2469-1: important: Security update for openssl Message-ID: <168621301281.4786.10346480230074376039@smelt2.suse.de> # Security update for openssl Announcement ID: SUSE-SU-2023:2469-1 Rating: important References: * #1201627 * #1211430 Cross-References: * CVE-2023-2650 CVSS scores: * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). * Update further expiring certificates that affect test cases (bsc#1201627). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2469=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2469=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * libopenssl0_9_8-0.9.8j-0.106.71.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.71.1 * openssl-0.9.8j-0.106.71.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.71.1 * openssl-doc-0.9.8j-0.106.71.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.71.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * libopenssl0_9_8-0.9.8j-0.106.71.1 * libopenssl0_9_8-hmac-0.9.8j-0.106.71.1 * openssl-0.9.8j-0.106.71.1 * libopenssl0_9_8-32bit-0.9.8j-0.106.71.1 * openssl-doc-0.9.8j-0.106.71.1 * libopenssl0_9_8-hmac-32bit-0.9.8j-0.106.71.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:14 -0000 Subject: SUSE-SU-2023:2467-1: important: Security update for libwebp Message-ID: <168621301498.4786.5917470367027846089@smelt2.suse.de> # Security update for libwebp Announcement ID: SUSE-SU-2023:2467-1 Rating: important References: * #1210212 Cross-References: * CVE-2023-1999 CVSS scores: * CVE-2023-1999 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libwebp fixes the following issues: * CVE-2023-1999: Fixed a double free (bsc#1210212). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2467=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2467=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2467=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2467=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2467=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2467=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2467=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwebp-devel-1.0.3-150200.3.5.1 * libwebpdemux2-1.0.3-150200.3.5.1 * libwebp-tools-debuginfo-1.0.3-150200.3.5.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.5.1 * libwebp7-1.0.3-150200.3.5.1 * libwebp-tools-1.0.3-150200.3.5.1 * libwebpmux3-1.0.3-150200.3.5.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.5.1 * libwebp7-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-1.0.3-150200.3.5.1 * libwebp-debugsource-1.0.3-150200.3.5.1 * libwebpmux3-debuginfo-1.0.3-150200.3.5.1 * openSUSE Leap 15.4 (x86_64) * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpmux3-32bit-1.0.3-150200.3.5.1 * libwebp7-32bit-1.0.3-150200.3.5.1 * libwebp7-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpdemux2-32bit-1.0.3-150200.3.5.1 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-32bit-1.0.3-150200.3.5.1 * libwebp-devel-32bit-1.0.3-150200.3.5.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libwebp-devel-1.0.3-150200.3.5.1 * libwebpdemux2-1.0.3-150200.3.5.1 * libwebp-tools-debuginfo-1.0.3-150200.3.5.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.5.1 * libwebp7-1.0.3-150200.3.5.1 * libwebp-tools-1.0.3-150200.3.5.1 * libwebpmux3-1.0.3-150200.3.5.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.5.1 * libwebp7-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-1.0.3-150200.3.5.1 * libwebp-debugsource-1.0.3-150200.3.5.1 * libwebpmux3-debuginfo-1.0.3-150200.3.5.1 * openSUSE Leap 15.5 (x86_64) * libwebpdecoder3-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpmux3-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpmux3-32bit-1.0.3-150200.3.5.1 * libwebp7-32bit-1.0.3-150200.3.5.1 * libwebp7-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpdemux2-32bit-1.0.3-150200.3.5.1 * libwebpdemux2-32bit-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-32bit-1.0.3-150200.3.5.1 * libwebp-devel-32bit-1.0.3-150200.3.5.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwebp-devel-1.0.3-150200.3.5.1 * libwebpdemux2-1.0.3-150200.3.5.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.5.1 * libwebp7-1.0.3-150200.3.5.1 * libwebpmux3-1.0.3-150200.3.5.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.5.1 * libwebp7-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-1.0.3-150200.3.5.1 * libwebp-debugsource-1.0.3-150200.3.5.1 * libwebpmux3-debuginfo-1.0.3-150200.3.5.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwebp-devel-1.0.3-150200.3.5.1 * libwebpdemux2-1.0.3-150200.3.5.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.5.1 * libwebp7-1.0.3-150200.3.5.1 * libwebpmux3-1.0.3-150200.3.5.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.5.1 * libwebp7-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-1.0.3-150200.3.5.1 * libwebp-debugsource-1.0.3-150200.3.5.1 * libwebpmux3-debuginfo-1.0.3-150200.3.5.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libwebp7-32bit-1.0.3-150200.3.5.1 * libwebp7-32bit-debuginfo-1.0.3-150200.3.5.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libwebp-debugsource-1.0.3-150200.3.5.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libwebp-devel-1.0.3-150200.3.5.1 * libwebpdemux2-1.0.3-150200.3.5.1 * libwebpdemux2-debuginfo-1.0.3-150200.3.5.1 * libwebp7-1.0.3-150200.3.5.1 * libwebpmux3-1.0.3-150200.3.5.1 * libwebpdecoder3-debuginfo-1.0.3-150200.3.5.1 * libwebp7-debuginfo-1.0.3-150200.3.5.1 * libwebpdecoder3-1.0.3-150200.3.5.1 * libwebp-debugsource-1.0.3-150200.3.5.1 * libwebpmux3-debuginfo-1.0.3-150200.3.5.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1999.html * https://bugzilla.suse.com/show_bug.cgi?id=1210212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:17 -0000 Subject: SUSE-SU-2023:2466-1: moderate: Security update for opensc Message-ID: <168621301772.4786.549293461390023551@smelt2.suse.de> # Security update for opensc Announcement ID: SUSE-SU-2023:2466-1 Rating: moderate References: * #1211894 Cross-References: * CVE-2023-2977 CVSS scores: * CVE-2023-2977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2977 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2466=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2466=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2466=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * opensc-debuginfo-0.13.0-3.22.1 * opensc-debugsource-0.13.0-3.22.1 * opensc-0.13.0-3.22.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * opensc-debuginfo-0.13.0-3.22.1 * opensc-debugsource-0.13.0-3.22.1 * opensc-0.13.0-3.22.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * opensc-debuginfo-0.13.0-3.22.1 * opensc-debugsource-0.13.0-3.22.1 * opensc-0.13.0-3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2977.html * https://bugzilla.suse.com/show_bug.cgi?id=1211894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:20 -0000 Subject: SUSE-SU-2023:2465-1: moderate: Security update for supportutils Message-ID: <168621302032.4786.309827211118607746@smelt2.suse.de> # Security update for supportutils Announcement ID: SUSE-SU-2023:2465-1 Rating: moderate References: * #1196933 * #1206350 * #1206608 * #1207598 Cross-References: * CVE-2022-45154 CVSS scores: * CVE-2022-45154 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2022-45154 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has three fixes can now be installed. ## Description: This update for supportutils fixes the following issues: Security fixes: * CVE-2022-45154: Removed iSCSI passwords from supportconfig archive (bsc#1207598). Bug fixes: * Fixed missing status detail for apparmor (bsc#1196933) * Corrected invalid argument list in docker.txt (bsc#1206608) * Changed _sanitize_file to include lio_setup.sh (bsc#1206350) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2465=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2465=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2465=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * supportutils-3.0.11-95.54.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * supportutils-3.0.11-95.54.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * supportutils-3.0.11-95.54.1 ## References: * https://www.suse.com/security/cve/CVE-2022-45154.html * https://bugzilla.suse.com/show_bug.cgi?id=1196933 * https://bugzilla.suse.com/show_bug.cgi?id=1206350 * https://bugzilla.suse.com/show_bug.cgi?id=1206608 * https://bugzilla.suse.com/show_bug.cgi?id=1207598 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:22 -0000 Subject: SUSE-SU-2023:2463-1: moderate: Security update for python310 Message-ID: <168621302243.4786.2135582556581194979@smelt2.suse.de> # Security update for python310 Announcement ID: SUSE-SU-2023:2463-1 Rating: moderate References: * #1203750 Cross-References: * CVE-2007-4559 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Python 3 Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python310 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2463=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2463=1 * Python 3 Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-2463=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python310-debuginfo-3.10.11-150400.4.25.1 * python310-base-3.10.11-150400.4.25.1 * python310-devel-3.10.11-150400.4.25.1 * python310-doc-devhelp-3.10.11-150400.4.25.1 * python310-testsuite-debuginfo-3.10.11-150400.4.25.1 * python310-tk-debuginfo-3.10.11-150400.4.25.1 * python310-curses-3.10.11-150400.4.25.1 * python310-idle-3.10.11-150400.4.25.1 * python310-debugsource-3.10.11-150400.4.25.1 * python310-testsuite-3.10.11-150400.4.25.1 * python310-dbm-debuginfo-3.10.11-150400.4.25.1 * python310-core-debugsource-3.10.11-150400.4.25.1 * libpython3_10-1_0-3.10.11-150400.4.25.1 * python310-tk-3.10.11-150400.4.25.1 * python310-3.10.11-150400.4.25.1 * python310-tools-3.10.11-150400.4.25.1 * python310-base-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-debuginfo-3.10.11-150400.4.25.1 * python310-curses-debuginfo-3.10.11-150400.4.25.1 * python310-dbm-3.10.11-150400.4.25.1 * python310-doc-3.10.11-150400.4.25.1 * openSUSE Leap 15.4 (x86_64) * python310-32bit-debuginfo-3.10.11-150400.4.25.1 * python310-base-32bit-3.10.11-150400.4.25.1 * python310-base-32bit-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-32bit-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-32bit-3.10.11-150400.4.25.1 * python310-32bit-3.10.11-150400.4.25.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python310-debuginfo-3.10.11-150400.4.25.1 * python310-base-3.10.11-150400.4.25.1 * python310-devel-3.10.11-150400.4.25.1 * python310-doc-devhelp-3.10.11-150400.4.25.1 * python310-testsuite-debuginfo-3.10.11-150400.4.25.1 * python310-tk-debuginfo-3.10.11-150400.4.25.1 * python310-curses-3.10.11-150400.4.25.1 * python310-idle-3.10.11-150400.4.25.1 * python310-debugsource-3.10.11-150400.4.25.1 * python310-testsuite-3.10.11-150400.4.25.1 * python310-dbm-debuginfo-3.10.11-150400.4.25.1 * python310-core-debugsource-3.10.11-150400.4.25.1 * libpython3_10-1_0-3.10.11-150400.4.25.1 * python310-tk-3.10.11-150400.4.25.1 * python310-3.10.11-150400.4.25.1 * python310-tools-3.10.11-150400.4.25.1 * python310-base-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-debuginfo-3.10.11-150400.4.25.1 * python310-curses-debuginfo-3.10.11-150400.4.25.1 * python310-dbm-3.10.11-150400.4.25.1 * python310-doc-3.10.11-150400.4.25.1 * openSUSE Leap 15.5 (x86_64) * python310-32bit-debuginfo-3.10.11-150400.4.25.1 * python310-base-32bit-3.10.11-150400.4.25.1 * python310-base-32bit-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-32bit-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-32bit-3.10.11-150400.4.25.1 * python310-32bit-3.10.11-150400.4.25.1 * Python 3 Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python310-debuginfo-3.10.11-150400.4.25.1 * python310-base-3.10.11-150400.4.25.1 * python310-dbm-debuginfo-3.10.11-150400.4.25.1 * python310-debugsource-3.10.11-150400.4.25.1 * python310-core-debugsource-3.10.11-150400.4.25.1 * python310-tk-3.10.11-150400.4.25.1 * python310-devel-3.10.11-150400.4.25.1 * python310-3.10.11-150400.4.25.1 * python310-tools-3.10.11-150400.4.25.1 * python310-base-debuginfo-3.10.11-150400.4.25.1 * libpython3_10-1_0-debuginfo-3.10.11-150400.4.25.1 * python310-curses-debuginfo-3.10.11-150400.4.25.1 * python310-dbm-3.10.11-150400.4.25.1 * libpython3_10-1_0-3.10.11-150400.4.25.1 * python310-curses-3.10.11-150400.4.25.1 * python310-tk-debuginfo-3.10.11-150400.4.25.1 * python310-idle-3.10.11-150400.4.25.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:24 -0000 Subject: SUSE-SU-2023:2462-1: moderate: Security update for python-sqlparse Message-ID: <168621302416.4786.8227784579785794189@smelt2.suse.de> # Security update for python-sqlparse Announcement ID: SUSE-SU-2023:2462-1 Rating: moderate References: * #1210617 Cross-References: * CVE-2023-30608 CVSS scores: * CVE-2023-30608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-30608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-sqlparse fixes the following issues: * CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2462=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2462=1 ## Package List: * SUSE Package Hub 15 15-SP4 (noarch) * python2-sqlparse-0.2.4-150100.6.3.1 * SUSE Package Hub 15 15-SP5 (noarch) * python2-sqlparse-0.2.4-150100.6.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30608.html * https://bugzilla.suse.com/show_bug.cgi?id=1210617 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:27 -0000 Subject: SUSE-SU-2023:2459-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Message-ID: <168621302769.4786.1298379925303750504@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2459-1 Rating: important References: * #1207188 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves six vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_55 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2459=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-3-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_10-debugsource-3-150400.2.3 * kernel-livepatch-5_14_21-150400_24_55-default-3-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:31 -0000 Subject: SUSE-SU-2023:2455-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Message-ID: <168621303136.4786.4948987147888523866@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2455-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210499 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0386 * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0386 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0386 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-0386: Fixed privileges escalation for low-privileged users in the OverlayFS subsystem (bsc#1210499). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2455=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-2456=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-2457=1 SUSE-SLE-Module-Live-Patching-15-SP4-2023-2458=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_41-default-5-150400.2.3 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-4-150400.2.3 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-8-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-5-150400.2.3 * kernel-livepatch-5_14_21-150400_24_21-default-10-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_4-debugsource-8-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-10-150400.2.3 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-10-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-5-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-4-150400.2.3 * kernel-livepatch-5_14_21-150400_24_28-default-8-150400.2.3 * kernel-livepatch-5_14_21-150400_24_46-default-4-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0386.html * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210499 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:33 -0000 Subject: SUSE-SU-2023:2450-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Message-ID: <168621303308.4786.12830989936822138681@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2450-1 Rating: important References: * #1207188 Cross-References: * CVE-2023-23454 CVSS scores: * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_121 fixes one issue. The following security issue was fixed: * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2450=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-2-150300.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23454.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:36 -0000 Subject: SUSE-SU-2023:2448-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) Message-ID: <168621303624.4786.10374289204481840404@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2448-1 Rating: important References: * #1207188 * #1208911 * #1209683 * #1210417 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-0461 * CVE-2023-1281 * CVE-2023-1872 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-0461 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0461 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1872 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves seven vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1872: Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210417). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208911). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2449=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-2448=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-5-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_27-debugsource-14-150200.2.3 * kernel-livepatch-5_3_18-150200_24_139-default-5-150200.2.3 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-5-150200.2.3 * kernel-livepatch-5_3_18-150200_24_115-default-14-150200.2.3 * kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-14-150200.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-0461.html * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1872.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1208911 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210417 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:39 -0000 Subject: SUSE-SU-2023:2453-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5) Message-ID: <168621303953.4786.12708277912422647112@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2453-1 Rating: important References: * #1207188 * #1209683 * #1210500 * #1210662 * #1211111 Cross-References: * CVE-2023-1281 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-28464 CVSS scores: * CVE-2023-1281 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1281 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28464 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28464 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_124 fixes several issues. The following security issues were fixed: * CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1211111). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210500). * CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209683). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210662). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2453=1 SUSE-SLE-Live- Patching-12-SP5-2023-2454=1 SUSE-SLE-Live-Patching-12-SP5-2023-2447=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_127-default-10-2.2 * kgraft-patch-4_12_14-122_124-default-12-2.2 * kgraft-patch-4_12_14-122_136-default-7-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1281.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-28464.html * https://bugzilla.suse.com/show_bug.cgi?id=1207188 * https://bugzilla.suse.com/show_bug.cgi?id=1209683 * https://bugzilla.suse.com/show_bug.cgi?id=1210500 * https://bugzilla.suse.com/show_bug.cgi?id=1210662 * https://bugzilla.suse.com/show_bug.cgi?id=1211111 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:46 -0000 Subject: SUSE-RU-2023:2452-1: moderate: Recommended update for libnvme, nvme-cli Message-ID: <168621304698.4786.6934517943549040518@smelt2.suse.de> # Recommended update for libnvme, nvme-cli Announcement ID: SUSE-RU-2023:2452-1 Rating: moderate References: * #1186689 * #1207435 * #1207686 * #1207687 * #1208001 * #1208075 * #1208580 * #1209550 * #1209564 * #1209905 * #1209906 * #1210089 * #1210105 * #1211647 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains two features and has 14 recommended fixes can now be installed. ## Description: This update for libnvme, nvme-cli, nvme-stas fixes the following issues: * Update to version v1.4 (jsc#PED-553, jsc#PED-3884) * Fix invalid string lenght calculation for UUID (bsc#1209906) * Fix segmentation fault during garbage collection (bsc#1209905) * Always sanitize traddr and trsvcid entries (bsc#1207435) * Allow tracking unique discover controllers (bsc#1186689) * Enabled unit test on s390x again (bsc#1207687, bsc#1207686) * Replaced old nbft implementation with the upstream one * Don't enable TLS if kernel does not support it * Set version-tag so that version are correctly reported * Extend udev rule to pass --host-interface argument to nvme-cli (bsc#1208001) * Build documentation to be up to date * Improvements for supported-log-pages (bsc#1209550) * Fix read command (bsc#1209564) * Fix mounting filesystems via fstab (bsc#1208075) * Update host_traddr when using config.json file (bsc#1210089) * Changed default behavior of connect-all to match with old nbft behavior * Fix auto connect conditions (bsc#1210105) * Fix auto boot for NBFT connections (bsc#1211647) * nvme-stas: Update to version 2.2: * add DHCHAP support for in-band authentication (bsc#1208580) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2452=1 openSUSE-SLE-15.5-2023-2452=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2452=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libnvme-mi1-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-cli-debugsource-2.4+17.gf4cfca93998a-150500.4.3.1 * libnvme-debugsource-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-stas-2.2-150500.3.3.1 * nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1 * libnvme-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme1-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-cli-debuginfo-2.4+17.gf4cfca93998a-150500.4.3.1 * python3-libnvme-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * openSUSE Leap 15.5 (noarch) * nvme-cli-zsh-completion-2.4+17.gf4cfca93998a-150500.4.3.1 * nvme-cli-regress-script-2.4+17.gf4cfca93998a-150500.4.3.1 * nvme-cli-bash-completion-2.4+17.gf4cfca93998a-150500.4.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libnvme-mi1-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * python3-libnvme-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-cli-debugsource-2.4+17.gf4cfca93998a-150500.4.3.1 * libnvme-debugsource-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-stas-2.2-150500.3.3.1 * nvme-cli-2.4+17.gf4cfca93998a-150500.4.3.1 * libnvme-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme-devel-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme1-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme1-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * libnvme-mi1-1.4+18.g932f9c37e05a-150500.4.3.1 * nvme-cli-debuginfo-2.4+17.gf4cfca93998a-150500.4.3.1 * python3-libnvme-debuginfo-1.4+18.g932f9c37e05a-150500.4.3.1 * Basesystem Module 15-SP5 (noarch) * nvme-cli-zsh-completion-2.4+17.gf4cfca93998a-150500.4.3.1 * nvme-cli-bash-completion-2.4+17.gf4cfca93998a-150500.4.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1186689 * https://bugzilla.suse.com/show_bug.cgi?id=1207435 * https://bugzilla.suse.com/show_bug.cgi?id=1207686 * https://bugzilla.suse.com/show_bug.cgi?id=1207687 * https://bugzilla.suse.com/show_bug.cgi?id=1208001 * https://bugzilla.suse.com/show_bug.cgi?id=1208075 * https://bugzilla.suse.com/show_bug.cgi?id=1208580 * https://bugzilla.suse.com/show_bug.cgi?id=1209550 * https://bugzilla.suse.com/show_bug.cgi?id=1209564 * https://bugzilla.suse.com/show_bug.cgi?id=1209905 * https://bugzilla.suse.com/show_bug.cgi?id=1209906 * https://bugzilla.suse.com/show_bug.cgi?id=1210089 * https://bugzilla.suse.com/show_bug.cgi?id=1210105 * https://bugzilla.suse.com/show_bug.cgi?id=1211647 * https://jira.suse.com/browse/PED-3884 * https://jira.suse.com/browse/PED-553 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 08:30:48 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 08:30:48 -0000 Subject: SUSE-RU-2023:2451-1: moderate: Recommended update for fonts-config Message-ID: <168621304845.4786.16851504058887699969@smelt2.suse.de> # Recommended update for fonts-config Announcement ID: SUSE-RU-2023:2451-1 Rating: moderate References: * #1210700 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for fonts-config fixes the following issues: * Get the homedir from getpwuid when $ENV{"HOME"} is not set (bsc#1210700) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2451=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2451=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2451=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2451=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2451=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2451=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2451=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2451=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2451=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * fonts-config-20180430-6.13.1 * SUSE OpenStack Cloud 9 (noarch) * fonts-config-20180430-6.13.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * fonts-config-20180430-6.13.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * fonts-config-20180430-6.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210700 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 12:30:03 -0000 Subject: SUSE-RU-2023:2472-1: moderate: Recommended update for libzypp Message-ID: <168622740306.646.9531808532539942748@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2472-1 Rating: moderate References: * #1211661 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for libzypp fixes the following issues: * Do not unconditionally release a medium if provideFile failed (bsc#1211661) * libzypp.spec.cmake: remove duplicate file listing * Update to version 17.31.12 (22) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2472=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2472=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2472=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2472=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.12-150100.3.106.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libzypp-debuginfo-17.31.12-150100.3.106.1 * libzypp-devel-17.31.12-150100.3.106.1 * libzypp-17.31.12-150100.3.106.1 * libzypp-debugsource-17.31.12-150100.3.106.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libzypp-debuginfo-17.31.12-150100.3.106.1 * libzypp-devel-17.31.12-150100.3.106.1 * libzypp-17.31.12-150100.3.106.1 * libzypp-debugsource-17.31.12-150100.3.106.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libzypp-debuginfo-17.31.12-150100.3.106.1 * libzypp-devel-17.31.12-150100.3.106.1 * libzypp-17.31.12-150100.3.106.1 * libzypp-debugsource-17.31.12-150100.3.106.1 * SUSE CaaS Platform 4.0 (x86_64) * libzypp-debuginfo-17.31.12-150100.3.106.1 * libzypp-devel-17.31.12-150100.3.106.1 * libzypp-17.31.12-150100.3.106.1 * libzypp-debugsource-17.31.12-150100.3.106.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211661 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 8 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 08 Jun 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2473-1: moderate: Security update for python36 Message-ID: <168624180396.3132.13296552919860571867@smelt2.suse.de> # Security update for python36 Announcement ID: SUSE-SU-2023:2473-1 Rating: moderate References: * #1203750 * #1211158 Cross-References: * CVE-2007-4559 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python36 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). * Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2473=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2473=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2473=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2473=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * python36-devel-3.6.15-46.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * python36-base-debuginfo-3.6.15-46.1 * python36-debuginfo-3.6.15-46.1 * libpython3_6m1_0-debuginfo-3.6.15-46.1 * libpython3_6m1_0-3.6.15-46.1 * python36-base-3.6.15-46.1 * python36-debugsource-3.6.15-46.1 * python36-3.6.15-46.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libpython3_6m1_0-32bit-3.6.15-46.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-46.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * python36-base-debuginfo-3.6.15-46.1 * python36-debuginfo-3.6.15-46.1 * libpython3_6m1_0-debuginfo-3.6.15-46.1 * libpython3_6m1_0-3.6.15-46.1 * python36-base-3.6.15-46.1 * python36-debugsource-3.6.15-46.1 * python36-3.6.15-46.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libpython3_6m1_0-32bit-3.6.15-46.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * python36-base-debuginfo-3.6.15-46.1 * python36-debuginfo-3.6.15-46.1 * libpython3_6m1_0-debuginfo-3.6.15-46.1 * libpython3_6m1_0-3.6.15-46.1 * python36-base-3.6.15-46.1 * python36-debugsource-3.6.15-46.1 * python36-3.6.15-46.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libpython3_6m1_0-32bit-3.6.15-46.1 * libpython3_6m1_0-debuginfo-32bit-3.6.15-46.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 * https://bugzilla.suse.com/show_bug.cgi?id=1211158 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 07:05:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2023 09:05:35 +0200 (CEST) Subject: SUSE-CU-2023:1828-1: Recommended update of suse/sle15 Message-ID: <20230609070535.F235EFC35@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1828-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.776 Container Release : 6.2.776 Severity : moderate Type : recommended References : 1211661 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2472-1 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1211661 This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) The following package changes have been done: - libzypp-17.31.12-150100.3.106.1 updated From sle-updates at lists.suse.com Fri Jun 9 07:06:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2023 09:06:50 +0200 (CEST) Subject: SUSE-CU-2023:1829-1: Recommended update of bci/openjdk-devel Message-ID: <20230609070650.46069FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1829-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-40.3 Container Release : 40.3 Severity : moderate Type : recommended References : 1210877 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2383-1 Released: Mon Jun 5 17:40:54 2023 Summary: Recommended update for jansi Type: recommended Severity: moderate References: 1210877 This update for jansi contains the following fix: - Fetch sources using source_service and don't distribute legally spurious files. (bsc#1210877) The following package changes have been done: - jansi-2.4.0-150200.3.7.1 updated - container:bci-openjdk-11-15.4.11-36.1 updated From sle-updates at lists.suse.com Fri Jun 9 07:07:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2023 09:07:25 +0200 (CEST) Subject: SUSE-CU-2023:1830-1: Recommended update of bci/openjdk-devel Message-ID: <20230609070725.704DCFC35@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1830-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-15.2 , bci/openjdk-devel:latest Container Release : 15.2 Severity : moderate Type : recommended References : 1210877 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2383-1 Released: Mon Jun 5 17:40:54 2023 Summary: Recommended update for jansi Type: recommended Severity: moderate References: 1210877 This update for jansi contains the following fix: - Fetch sources using source_service and don't distribute legally spurious files. (bsc#1210877) The following package changes have been done: - jansi-2.4.0-150200.3.7.1 updated - container:bci-openjdk-17-15.4.17-14.1 updated From sle-updates at lists.suse.com Fri Jun 9 07:08:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 9 Jun 2023 09:08:21 +0200 (CEST) Subject: SUSE-CU-2023:1833-1: Security update of bci/python Message-ID: <20230609070821.25218FC35@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1833-1 Container Tags : bci/python:3 , bci/python:3-14.2 , bci/python:3.10 , bci/python:3.10-14.2 Container Release : 14.2 Severity : moderate Type : security References : 1203750 CVE-2007-4559 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2463-1 Released: Thu Jun 8 09:42:28 2023 Summary: Security update for python310 Type: security Severity: moderate References: 1203750,CVE-2007-4559 This update for python310 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). The following package changes have been done: - libpython3_10-1_0-3.10.11-150400.4.25.1 updated - python310-base-3.10.11-150400.4.25.1 updated - python310-3.10.11-150400.4.25.1 updated - python310-devel-3.10.11-150400.4.25.1 updated From sle-updates at lists.suse.com Fri Jun 9 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2476-1: important: Security update for java-1_8_0-ibm Message-ID: <168629940596.23709.4194710534877249060@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:2476-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 * #1210711 * #1210826 * #1211615 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 * CVE-2023-2597 * CVE-2023-30441 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-2597 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2597 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves nine vulnerabilities and has one fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). * CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). * CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). * CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). * CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). * CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). * CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). * CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: * CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2476=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2476=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2476=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2476=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2476=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2476=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2476=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2476=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2476=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2476=1 ## Package List: * SUSE OpenStack Cloud 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE OpenStack Cloud 9 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (nosrc) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-30.108.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * java-1_8_0-ibm-alsa-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-30.108.1 * java-1_8_0-ibm-devel-1.8.0_sr8.5-30.108.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://www.suse.com/security/cve/CVE-2023-2597.html * https://www.suse.com/security/cve/CVE-2023-30441.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 * https://bugzilla.suse.com/show_bug.cgi?id=1210711 * https://bugzilla.suse.com/show_bug.cgi?id=1210826 * https://bugzilla.suse.com/show_bug.cgi?id=1211615 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 12:30:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 12:30:01 -0000 Subject: SUSE-RU-2023:2480-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <168631380199.19040.17417168134258897331@smelt2.suse.de> # Recommended update for systemd-rpm-macros Announcement ID: SUSE-RU-2023:2480-1 Rating: moderate References: * #1211272 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for systemd-rpm-macros fixes the following issues: * Adjust functions so they are disabled when called from a chroot (bsc#1211272) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2480=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2480=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2480=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * systemd-rpm-macros-12-10.39.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * systemd-rpm-macros-12-10.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * systemd-rpm-macros-12-10.39.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 12:30:03 -0000 Subject: SUSE-SU-2023:2479-1: low: Security update for mariadb Message-ID: <168631380377.19040.3147407263417669552@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:2479-1 Rating: low References: * #1207404 Cross-References: * CVE-2022-47015 CVSS scores: * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Server Applications Module 15-SP4 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: Updated to version 10.6.13: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2479=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2479=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2479=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2479=1 * Galera for Ericsson 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-ERICSSON-2023-2479=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2479=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2479=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * mariadb-galera-10.6.13-150400.3.23.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * mariadb-galera-10.6.13-150400.3.23.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * mariadb-10.6.13-150400.3.23.1 * libmariadbd19-debuginfo-10.6.13-150400.3.23.1 * mariadb-tools-debuginfo-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * libmariadbd-devel-10.6.13-150400.3.23.1 * mariadb-tools-10.6.13-150400.3.23.1 * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-client-debuginfo-10.6.13-150400.3.23.1 * libmariadbd19-10.6.13-150400.3.23.1 * mariadb-client-10.6.13-150400.3.23.1 * Server Applications Module 15-SP4 (noarch) * mariadb-errormessages-10.6.13-150400.3.23.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mariadb-10.6.13-150400.3.23.1 * libmariadbd19-debuginfo-10.6.13-150400.3.23.1 * mariadb-tools-debuginfo-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * libmariadbd-devel-10.6.13-150400.3.23.1 * mariadb-tools-10.6.13-150400.3.23.1 * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-client-debuginfo-10.6.13-150400.3.23.1 * libmariadbd19-10.6.13-150400.3.23.1 * mariadb-client-10.6.13-150400.3.23.1 * Server Applications Module 15-SP5 (noarch) * mariadb-errormessages-10.6.13-150400.3.23.1 * Galera for Ericsson 15 SP4 (x86_64) * mariadb-galera-10.6.13-150400.3.23.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * mariadb-10.6.13-150400.3.23.1 * mariadb-test-debuginfo-10.6.13-150400.3.23.1 * mariadb-tools-debuginfo-10.6.13-150400.3.23.1 * mariadb-client-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * mariadb-galera-10.6.13-150400.3.23.1 * libmariadbd-devel-10.6.13-150400.3.23.1 * mariadb-bench-10.6.13-150400.3.23.1 * mariadb-test-10.6.13-150400.3.23.1 * mariadb-tools-10.6.13-150400.3.23.1 * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-rpm-macros-10.6.13-150400.3.23.1 * mariadb-bench-debuginfo-10.6.13-150400.3.23.1 * mariadb-client-debuginfo-10.6.13-150400.3.23.1 * libmariadbd19-10.6.13-150400.3.23.1 * libmariadbd19-debuginfo-10.6.13-150400.3.23.1 * openSUSE Leap 15.4 (noarch) * mariadb-errormessages-10.6.13-150400.3.23.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * mariadb-10.6.13-150400.3.23.1 * mariadb-test-debuginfo-10.6.13-150400.3.23.1 * mariadb-tools-debuginfo-10.6.13-150400.3.23.1 * mariadb-client-10.6.13-150400.3.23.1 * mariadb-debuginfo-10.6.13-150400.3.23.1 * mariadb-galera-10.6.13-150400.3.23.1 * libmariadbd-devel-10.6.13-150400.3.23.1 * mariadb-bench-10.6.13-150400.3.23.1 * mariadb-test-10.6.13-150400.3.23.1 * mariadb-tools-10.6.13-150400.3.23.1 * mariadb-debugsource-10.6.13-150400.3.23.1 * mariadb-rpm-macros-10.6.13-150400.3.23.1 * mariadb-bench-debuginfo-10.6.13-150400.3.23.1 * mariadb-client-debuginfo-10.6.13-150400.3.23.1 * libmariadbd19-10.6.13-150400.3.23.1 * libmariadbd19-debuginfo-10.6.13-150400.3.23.1 * openSUSE Leap 15.5 (noarch) * mariadb-errormessages-10.6.13-150400.3.23.1 ## References: * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1207404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 12:30:05 -0000 Subject: SUSE-SU-2023:2478-1: low: Security update for mariadb Message-ID: <168631380559.19040.5342540359170511082@smelt2.suse.de> # Security update for mariadb Announcement ID: SUSE-SU-2023:2478-1 Rating: low References: * #1207404 Cross-References: * CVE-2022-47015 CVSS scores: * CVE-2022-47015 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L * CVE-2022-47015 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Galera for Ericsson 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for mariadb fixes the following issues: Updated to version 10.5.20: * CVE-2022-47015: Fixed a denial of service that could be triggered by a crafted SQL query (bsc#1207404). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2478=1 * Galera for Ericsson 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-ERICSSON-2023-2478=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libmariadbd19-debuginfo-10.5.20-150300.3.28.1 * mariadb-debugsource-10.5.20-150300.3.28.1 * mariadb-tools-debuginfo-10.5.20-150300.3.28.1 * mariadb-tools-10.5.20-150300.3.28.1 * libmariadbd19-10.5.20-150300.3.28.1 * libmariadbd-devel-10.5.20-150300.3.28.1 * mariadb-client-10.5.20-150300.3.28.1 * mariadb-client-debuginfo-10.5.20-150300.3.28.1 * mariadb-debuginfo-10.5.20-150300.3.28.1 * mariadb-10.5.20-150300.3.28.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * mariadb-errormessages-10.5.20-150300.3.28.1 * Galera for Ericsson 15 SP3 (x86_64) * mariadb-galera-10.5.20-150300.3.28.1 ## References: * https://www.suse.com/security/cve/CVE-2022-47015.html * https://bugzilla.suse.com/show_bug.cgi?id=1207404 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 12:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 12:30:08 -0000 Subject: SUSE-SU-2023:2477-1: important: Security update for libcares2 Message-ID: <168631380824.19040.12919287750482976835@smelt2.suse.de> # Security update for libcares2 Announcement ID: SUSE-SU-2023:2477-1 Rating: important References: * #1211604 * #1211605 * #1211606 * #1211607 Cross-References: * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves four vulnerabilities can now be installed. ## Description: This update for libcares2 fixes the following issues: * CVE-2023-32067: Fixed a denial of service that could be triggered by a 0-byte UDP payload (bsc#1211604). * CVE-2023-31147: Fixed an insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-31130: Fixed a buffer underflow when configuring specific IPv6 addresses (bsc#1211606). * CVE-2023-31124: Fixed a build issue when cross-compiling that could lead to insufficient randomness (bsc#1211607). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2477=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2477=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2477=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2477=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2477=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2477=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2477=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2477=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2477=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2477=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2477=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * libcares-devel-1.9.1-9.12.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libcares2-debuginfo-1.9.1-9.12.1 * libcares2-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * libcares2-debuginfo-32bit-1.9.1-9.12.1 * libcares2-32bit-1.9.1-9.12.1 * libcares2-debugsource-1.9.1-9.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 9 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 09 Jun 2023 16:30:04 -0000 Subject: SUSE-RU-2023:2481-1: moderate: Recommended update for dracut Message-ID: <168632820407.8282.763610962359183947@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2481-1 Rating: moderate References: * #1210909 * #1211072 * #1211080 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has three recommended fixes can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.364.g4c1d0276: * Honor rd.timeout for nvme ctrl_loss_tmo (bsc#1211080) * Suppress warning if hostname is not set (bsc#1211072) * Set netroot=nbft (bsc#1210909) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2481=1 * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2481=1 openSUSE-SLE-15.5-2023-2481=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dracut-debugsource-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-debuginfo-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-055+suse.364.g4c1d0276-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dracut-debugsource-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-ima-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-tools-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-debuginfo-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-extra-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-mkinitrd-deprecated-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-fips-055+suse.364.g4c1d0276-150500.3.3.1 * dracut-055+suse.364.g4c1d0276-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210909 * https://bugzilla.suse.com/show_bug.cgi?id=1211072 * https://bugzilla.suse.com/show_bug.cgi?id=1211080 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 07:02:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 09:02:00 +0200 (CEST) Subject: SUSE-IU-2023:337-1: Security update of suse-sles-15-sp4-chost-byos-v20230606-x86_64-gen2 Message-ID: <20230612070200.50FA9FC35@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230606-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:337-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230606-x86_64-gen2:20230606 Image Release : Severity : critical Type : security References : 1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478 1204563 1207410 1208329 1208581 1209094 1209140 1209237 1209245 1209406 1210164 1210298 1210593 1210640 1210649 1210702 1210870 1211144 1211230 1211231 1211232 1211233 1211430 1211604 1211605 1211606 1211607 1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230606-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2276-1 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1204563,1208581 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2279-1 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204478,1210640 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2366-1 Released: Mon Jun 5 09:23:08 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519,1209237,1209245 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-8.0.1-150400.5.23.1 updated - dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated - grub2-i386-pc-2.06-150400.11.33.1 updated - grub2-x86_64-efi-2.06-150400.11.33.1 updated - grub2-2.06-150400.11.33.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150400.3.25.2 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - runc-1.1.5-150000.43.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-sysvinit-249.16-150400.8.28.3 updated - systemd-249.16-150400.8.28.3 updated - udev-249.16-150400.8.28.3 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.16.4_02-150400.4.28.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated From sle-updates at lists.suse.com Mon Jun 12 07:02:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 09:02:17 +0200 (CEST) Subject: SUSE-IU-2023:338-1: Security update of sles-15-sp4-chost-byos-v20230606-arm64 Message-ID: <20230612070217.901C3FC35@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230606-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:338-1 Image Tags : sles-15-sp4-chost-byos-v20230606-arm64:20230606 Image Release : Severity : critical Type : security References : 1027519 1127591 1186870 1195633 1199282 1200441 1203141 1204478 1204563 1207410 1208329 1208581 1209094 1209131 1209140 1209237 1209245 1209406 1209550 1209669 1209905 1210089 1210105 1210164 1210298 1210593 1210640 1210649 1210702 1210870 1211144 1211230 1211231 1211232 1211233 1211430 1211604 1211605 1211606 1211607 1211643 CVE-2023-2650 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230606-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2276-1 Released: Wed May 24 07:54:42 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1204563,1208581 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) - Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2279-1 Released: Wed May 24 07:57:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204478,1210640 This update for dracut fixes the following issues: - Update to version 055+suse.342.g2e6dce8e: fips=1 and separate /boot break s390x (bsc#1204478): * fix(fips): move fips-boot script to pre-pivot * fix(fips): only unmount /boot if it was mounted by the fips module * feat(fips): add progress messages * fix(fips): do not blindly remove /boot * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2363-1 Released: Mon Jun 5 09:21:36 2023 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1209131,1209550,1209669,1209905,1210089,1210105 This update for libnvme, nvme-cli fixes the following issues: - Fix GC in Python binding (bsc#1209905 bsc#1209131) - Fix crash when printing json output for supported log pages (bsc#1209550) - Add coverity reported fixes (bsc#1209669) - Update host_traddr when using config.json file (bsc#1210089) - Fix compiler warning (git-fixes) - Fix condition in autoconnect service (bsc#1210105) - Set version-tag so that version are correctly reported ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2366-1 Released: Mon Jun 5 09:23:08 2023 Summary: Recommended update for xen Type: recommended Severity: moderate References: 1027519,1209237,1209245 This update for xen fixes the following issues: - Added debug-info to xen-syms (bsc#1209237) - Update to Xen 4.16.4 bug fix release (bsc#1027519) - Added upstream bug fixes (bsc#1027519) - Fix host-assisted kexec/kdump for HVM domUs (bsc#1209245) - Drop patches contained in new tarball and switch to upstream backports for some patches ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-8.0.1-150400.5.23.1 updated - dracut-055+suse.342.g2e6dce8e-150400.3.22.1 updated - grub2-i386-pc-2.06-150400.11.33.1 updated - grub2-x86_64-efi-2.06-150400.11.33.1 updated - grub2-2.06-150400.11.33.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - kbd-2.4.0-150400.5.6.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-8.0.1-150400.5.23.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libmount1-2.37.2-150400.8.17.1 updated - libnvme1-1.0+32.gb30ab4c96c2d-150400.3.21.1 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libuuid1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150400.3.25.2 updated - nvme-cli-2.0+40.gd857ed9befd6-150400.3.18.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - runc-1.1.5-150000.43.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-sysvinit-249.16-150400.8.28.3 updated - systemd-249.16-150400.8.28.3 updated - udev-249.16-150400.8.28.3 updated - util-linux-systemd-2.37.2-150400.8.17.1 updated - util-linux-2.37.2-150400.8.17.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.16.4_02-150400.4.28.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150400.3.21.2 updated From sle-updates at lists.suse.com Mon Jun 12 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 08:30:07 -0000 Subject: SUSE-SU-2023:2485-1: moderate: Security update for gdb Message-ID: <168655860794.17763.8661721840609504380@smelt2.suse.de> # Security update for gdb Announcement ID: SUSE-SU-2023:2485-1 Rating: moderate References: * #1068950 * #1081527 * #1192285 * #1207712 * #1210081 Cross-References: * CVE-2017-16829 * CVE-2018-7208 CVSS scores: * CVE-2017-16829 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2017-16829 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2018-7208 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2018-7208 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves two vulnerabilities, contains two features and has three fixes can now be installed. ## Description: This update for gdb fixes the following issues: gdb was updated to 12.1. (jsc#SLE-21561) * DBX mode is deprecated, and will be removed in GDB 13. * GDB 12 is the last release of GDB that will support building against Python 2. From GDB 13, it will only be possible to build GDB itself with Python 3 support. * Improved C++ template support: GDB now treats functions/types involving C++ templates like it does function overloads. Users may omit parameter lists to set breakpoints on families of template functions, including types/functions composed of multiple template types: (gdb) break template_func(template_1, int) The above will set breakpoints at every function `template_func' where the first function parameter is any template type named`template_1' and the second function parameter is `int'. TAB completion also gains similar improvements. * New commands: * maint set backtrace-on-fatal-signal on|off * maint show backtrace-on-fatal-signal This setting is 'on' by default. When 'on' GDB will print a limited backtrace to stderr in the situation where GDB terminates with a fatal signal. This only supported on some platforms where the backtrace and backtrace_symbols_fd functions are available. * set source open on|off * show source open This setting, which is on by default, controls whether GDB will try to open source code files. Switching this off will stop GDB trying to open and read source code files, which can be useful if the files are located over a slow network connection. * set varsize-limit * show varsize-limit These are now deprecated aliases for "set max-value-size" and "show max-value- size". * task apply [all | TASK-IDS...] [FLAG]... COMMAND Like "thread apply", but applies COMMAND to Ada tasks. * watch [...] task ID Watchpoints can now be restricted to a specific Ada task. * maint set internal-error backtrace on|off * maint show internal-error backtrace * maint set internal-warning backtrace on|off * maint show internal-warning backtrace GDB can now print a backtrace of itself when it encounters either an internal- error, or an internal-warning. This is on by default for internal-error and off by default for internal-warning. * set logging on|off Deprecated and replaced by "set logging enabled on|off". * set logging enabled on|off * show logging enabled These commands set or show whether logging is enabled or disabled. * exit You can now exit GDB by using the new command "exit", in addition to the existing "quit" command. * set debug threads on|off * show debug threads Print additional debug messages about thread creation and deletion. * set debug linux-nat on|off * show debug linux-nat These new commands replaced the old 'set debug lin-lwp' and 'show debug lin-lwp' respectively. Turning this setting on prints debug messages relating to GDB's handling of native Linux inferiors. * maint flush source-cache Flush the contents of the source code cache. * maint set gnu-source-highlight enabled on|off * maint show gnu-source-highlight enabled Whether GDB should use the GNU Source Highlight library for adding styling to source code. When off, the library will not be used, even when available. When GNU Source Highlight isn't used, or can't add styling to a particular source file, then the Python Pygments library will be used instead. * set suppress-cli-notifications (on|off) * show suppress-cli-notifications This controls whether printing the notifications is suppressed for CLI. CLI notifications occur when you change the selected context (i.e., the current inferior, thread and/or the frame), or when the program being debugged stops (e.g., because of hitting a breakpoint, completing source-stepping, an interrupt, etc.). * set style disassembler enabled on|off * show style disassembler enabled If GDB is compiled with Python support, and the Python Pygments package is available, then, when this setting is on, disassembler output will have styling applied. * set ada source-charset * show ada source-charset Set the character set encoding that is assumed for Ada symbols. Valid values for this follow the values that can be passed to the GNAT compiler via the '-gnati' option. The default is ISO-8859-1. * Changed commands: * print Printing of floating-point values with base-modifying formats like /x has been changed to display the underlying bytes of the value in the desired base. This was GDB's documented behavior, but was never implemented correctly. * maint packet This command can now print a reply, if the reply includes non-printable characters. Any non-printable characters are printed as escaped hex, e.g. \x?? where '??' is replaces with the value of the non-printable character. * clone-inferior The clone-inferior command now ensures that the TTY, CMD and ARGS settings are copied from the original inferior to the new one. All modifications to the environment variables done using the 'set environment' or 'unset environment' commands are also copied to the new inferior. * set debug lin-lwp on|off * show debug lin-lwp These commands have been removed from GDB. The new command 'set debug linux-nat' and 'show debug linux-nat' should be used instead. * info win This command now includes information about the width of the tui windows in its output. * GDB's Ada parser now supports an extension for specifying the exact byte contents of a floating-point literal. This can be useful for setting floating-point registers to a precise value without loss of precision. The syntax is an extension of the based literal syntax. Use, e.g., "16lf#0123abcd#" \-- the number of "l"s controls the width of the floating- point type, and the "f" is the marker for floating point. * MI changes: ** The '-add-inferior' with no option flags now inherits the connection of the current inferior, this restores the behaviour of GDB as it was prior to GDB 10. ** The '-add-inferior' command now accepts a '\--no-connection' option, which causes the new inferior to start without a connection. * Python API: ** New function gdb.add_history(), which takes a gdb.Value object and adds the value it represents to GDB's history list. An integer, the index of the new item in the history list, is returned. ** New function gdb.history_count(), which returns the number of values in GDB's value history. ** New gdb.events.gdb_exiting event. This event is called with a gdb.GdbExitingEvent object which has the read-only attribute 'exit_code', which contains the value of the GDB exit code. This event is triggered once GDB decides it is going to exit, but before GDB starts to clean up its internal state. ** New function gdb.architecture_names(), which returns a list containing all of the possible Architecture.name() values. Each entry is a string. ** New function gdb.Architecture.integer_type(), which returns an integer type given a size and a signed-ness. ** New gdb.TargetConnection object type that represents a connection (as displayed by the 'info connections' command). A sub-class, gdb.RemoteTargetConnection, is used to represent 'remote' and 'extended-remote' connections. ** The gdb.Inferior type now has a 'connection' property which is an instance of gdb.TargetConnection, the connection used by this inferior. This can be None if the inferior has no connection. ** New 'gdb.events.connection_removed' event registry, which emits a 'gdb.ConnectionEvent' when a connection is removed from GDB. This event has a 'connection' property, a gdb.TargetConnection object for the connection being removed. ** New gdb.connections() function that returns a list of all currently active connections. ** New gdb.RemoteTargetConnection.send_packet(PACKET) method. This is equivalent to the existing 'maint packet' CLI command; it allows a user specified packet to be sent to the remote target. ** New function gdb.host_charset(), returns a string, which is the name of the current host charset. ** New gdb.set_parameter(NAME, VALUE). This sets the gdb parameter NAME to VALUE. ** New gdb.with_parameter(NAME, VALUE). This returns a context manager that temporarily sets the gdb parameter NAME to VALUE, then resets it when the context is exited. ** The gdb.Value.format_string method now takes a 'styling' argument, which is a boolean. When true, the returned string can include escape sequences to apply styling. The styling will only be present if styling is otherwise turned on in GDB (see 'help set styling'). When false, which is the default if the argument is not given, then no styling is applied to the returned string. ** New read-only attribute gdb.InferiorThread.details, which is either a string, containing additional, target specific thread state information, or None, if there is no such additional information. ** New read-only attribute gdb.Type.is_scalar, which is True for scalar types, and False for all other types. ** New read-only attribute gdb.Type.is_signed. This attribute should only be read when Type.is_scalar is True, and will be True for signed types, and False for all other types. Attempting to read this attribute for non-scalar types will raise a ValueError. ** It is now possible to add GDB/MI commands implemented in Python. * Update libipt to v2.0.5. * CVE-2018-7208: Fixed improper bounds check in coffgen.c:coff_pointerize_aux() that allowed for denial of service when parsing a crafted COFF file (bsc#1081527). * CVE-2017-16829: Fixed possible remote denial of service via the _bfd_elf_parse_gnu_properties() function in elf-properties.c (bsc#1068950). Bug fixes: * Fixed license (bsc#1210081). * Advertises RHEL version support status (bsc#1207712). * Fixed crashes while debugging a clang-cpp app (bsc#1192285). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2485=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2485=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * gdb-debuginfo-12.1-2.20.1 * gdb-debugsource-12.1-2.20.1 * gdbserver-12.1-2.20.1 * gdbserver-debuginfo-12.1-2.20.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x) * gdb-debuginfo-32bit-12.1-2.20.1 * gdbserver-debuginfo-32bit-12.1-2.20.1 * gdbserver-32bit-12.1-2.20.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * gdb-12.1-2.20.1 * gdb-debugsource-12.1-2.20.1 * gdb-debuginfo-12.1-2.20.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * gdb-12.1-2.20.1 * gdb-debugsource-12.1-2.20.1 * gdb-debuginfo-12.1-2.20.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gdb-12.1-2.20.1 * gdb-debugsource-12.1-2.20.1 * gdb-debuginfo-12.1-2.20.1 ## References: * https://www.suse.com/security/cve/CVE-2017-16829.html * https://www.suse.com/security/cve/CVE-2018-7208.html * https://bugzilla.suse.com/show_bug.cgi?id=1068950 * https://bugzilla.suse.com/show_bug.cgi?id=1081527 * https://bugzilla.suse.com/show_bug.cgi?id=1192285 * https://bugzilla.suse.com/show_bug.cgi?id=1207712 * https://bugzilla.suse.com/show_bug.cgi?id=1210081 * https://jira.suse.com/browse/SLE-21561 * https://jira.suse.com/browse/SLE-22287 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 08:30:09 -0000 Subject: SUSE-SU-2023:2484-1: moderate: Security update for openldap2 Message-ID: <168655860999.17763.11894976628751333049@smelt2.suse.de> # Security update for openldap2 Announcement ID: SUSE-SU-2023:2484-1 Rating: moderate References: * #1211795 Cross-References: * CVE-2023-2953 CVSS scores: * CVE-2023-2953 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for openldap2 fixes the following issues: * CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2484=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2484=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2484=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2484=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2484=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2484=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2484=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2484=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2484=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2484=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2484=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2484=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2484=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2484=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2484=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openSUSE Leap Micro 5.3 (noarch) * libldap-data-2.4.46-150200.14.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-static-2.4.46-150200.14.14.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-2.4.46-150200.14.14.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.14.1 * openldap2-back-meta-2.4.46-150200.14.14.1 * openldap2-back-sql-debuginfo-2.4.46-150200.14.14.1 * openldap2-contrib-2.4.46-150200.14.14.1 * openldap2-back-sock-2.4.46-150200.14.14.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.14.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openldap2-back-perl-2.4.46-150200.14.14.1 * openldap2-back-sock-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-2.4.46-150200.14.14.1 * openldap2-back-sql-2.4.46-150200.14.14.1 * openldap2-2.4.46-150200.14.14.1 * openldap2-ppolicy-check-password-1.2-150200.14.14.1 * openSUSE Leap 15.4 (x86_64) * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-2.4.46-150200.14.14.1 * openldap2-devel-32bit-2.4.46-150200.14.14.1 * openSUSE Leap 15.4 (noarch) * libldap-data-2.4.46-150200.14.14.1 * openldap2-doc-2.4.46-150200.14.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-static-2.4.46-150200.14.14.1 * openldap2-back-meta-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-2.4.46-150200.14.14.1 * openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.14.1 * openldap2-back-meta-2.4.46-150200.14.14.1 * openldap2-back-sql-debuginfo-2.4.46-150200.14.14.1 * openldap2-contrib-2.4.46-150200.14.14.1 * openldap2-back-sock-2.4.46-150200.14.14.1 * openldap2-back-perl-debuginfo-2.4.46-150200.14.14.1 * openldap2-contrib-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openldap2-back-perl-2.4.46-150200.14.14.1 * openldap2-back-sock-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-2.4.46-150200.14.14.1 * openldap2-back-sql-2.4.46-150200.14.14.1 * openldap2-2.4.46-150200.14.14.1 * openldap2-ppolicy-check-password-1.2-150200.14.14.1 * openSUSE Leap 15.5 (x86_64) * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-2.4.46-150200.14.14.1 * openldap2-devel-32bit-2.4.46-150200.14.14.1 * openSUSE Leap 15.5 (noarch) * libldap-data-2.4.46-150200.14.14.1 * openldap2-doc-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libldap-data-2.4.46-150200.14.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openldap2-devel-static-2.4.46-150200.14.14.1 * openldap2-client-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-2.4.46-150200.14.14.1 * Basesystem Module 15-SP4 (noarch) * libldap-data-2.4.46-150200.14.14.1 * Basesystem Module 15-SP4 (x86_64) * libldap-2_4-2-32bit-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openldap2-devel-static-2.4.46-150200.14.14.1 * openldap2-client-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-2.4.46-150200.14.14.1 * Basesystem Module 15-SP5 (noarch) * libldap-data-2.4.46-150200.14.14.1 * Basesystem Module 15-SP5 (x86_64) * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-2.4.46-150200.14.14.1 * Development Tools Module 15-SP4 (x86_64) * openldap2-devel-32bit-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * Development Tools Module 15-SP5 (x86_64) * openldap2-devel-32bit-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-2.4.46-150200.14.14.1 * openldap2-devel-32bit-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * openldap2-devel-static-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-2.4.46-150200.14.14.1 * libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.14.1 * openldap2-client-debuginfo-2.4.46-150200.14.14.1 * openldap2-devel-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libldap-data-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libldap-2_4-2-2.4.46-150200.14.14.1 * openldap2-debuginfo-2.4.46-150200.14.14.1 * libldap-2_4-2-debuginfo-2.4.46-150200.14.14.1 * openldap2-debugsource-2.4.46-150200.14.14.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libldap-data-2.4.46-150200.14.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2953.html * https://bugzilla.suse.com/show_bug.cgi?id=1211795 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 08:30:11 -0000 Subject: SUSE-SU-2023:2483-1: moderate: Security update for openldap2 Message-ID: <168655861175.17763.1091071084541719354@smelt2.suse.de> # Security update for openldap2 Announcement ID: SUSE-SU-2023:2483-1 Rating: moderate References: * #1211795 Cross-References: * CVE-2023-2953 CVSS scores: * CVE-2023-2953 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openldap2 fixes the following issues: * CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2483=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2483=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2483=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2483=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * openldap2-back-perl-debuginfo-2.4.41-22.19.1 * openldap2-devel-static-2.4.41-22.19.1 * openldap2-back-perl-2.4.41-22.19.1 * openldap2-debuginfo-2.4.41-22.19.1 * openldap2-debugsource-2.4.41-22.19.1 * openldap2-devel-2.4.41-22.19.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libldap-2_4-2-debuginfo-2.4.41-22.19.1 * openldap2-2.4.41-22.19.1 * libldap-2_4-2-2.4.41-22.19.1 * openldap2-ppolicy-check-password-debuginfo-1.2-22.19.1 * openldap2-back-meta-2.4.41-22.19.1 * openldap2-client-debuginfo-2.4.41-22.19.1 * openldap2-debuginfo-2.4.41-22.19.1 * openldap2-back-meta-debuginfo-2.4.41-22.19.1 * openldap2-debugsource-2.4.41-22.19.1 * openldap2-ppolicy-check-password-1.2-22.19.1 * openldap2-client-2.4.41-22.19.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openldap2-doc-2.4.41-22.19.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libldap-2_4-2-debuginfo-32bit-2.4.41-22.19.1 * libldap-2_4-2-32bit-2.4.41-22.19.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libldap-2_4-2-debuginfo-2.4.41-22.19.1 * openldap2-2.4.41-22.19.1 * libldap-2_4-2-2.4.41-22.19.1 * openldap2-ppolicy-check-password-debuginfo-1.2-22.19.1 * openldap2-back-meta-2.4.41-22.19.1 * openldap2-client-debuginfo-2.4.41-22.19.1 * openldap2-debuginfo-2.4.41-22.19.1 * openldap2-back-meta-debuginfo-2.4.41-22.19.1 * openldap2-debugsource-2.4.41-22.19.1 * openldap2-ppolicy-check-password-1.2-22.19.1 * openldap2-client-2.4.41-22.19.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openldap2-doc-2.4.41-22.19.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libldap-2_4-2-debuginfo-32bit-2.4.41-22.19.1 * libldap-2_4-2-32bit-2.4.41-22.19.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libldap-2_4-2-debuginfo-2.4.41-22.19.1 * openldap2-2.4.41-22.19.1 * libldap-2_4-2-2.4.41-22.19.1 * openldap2-ppolicy-check-password-debuginfo-1.2-22.19.1 * openldap2-back-meta-2.4.41-22.19.1 * openldap2-client-debuginfo-2.4.41-22.19.1 * openldap2-debuginfo-2.4.41-22.19.1 * openldap2-back-meta-debuginfo-2.4.41-22.19.1 * openldap2-debugsource-2.4.41-22.19.1 * openldap2-ppolicy-check-password-1.2-22.19.1 * openldap2-client-2.4.41-22.19.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openldap2-doc-2.4.41-22.19.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libldap-2_4-2-debuginfo-32bit-2.4.41-22.19.1 * libldap-2_4-2-32bit-2.4.41-22.19.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2953.html * https://bugzilla.suse.com/show_bug.cgi?id=1211795 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 08:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 08:30:13 -0000 Subject: SUSE-RU-2023:2482-1: moderate: Recommended update for systemd-rpm-macros Message-ID: <168655861356.17763.2014905651937296421@smelt2.suse.de> # Recommended update for systemd-rpm-macros Announcement ID: SUSE-RU-2023:2482-1 Rating: moderate References: * #1211272 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for systemd-rpm-macros fixes the following issues: * Adjust functions so they are disabled when called from a chroot (bsc#1211272) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2482=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2482=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2482=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2482=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2482=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2482=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2482=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2482=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2482=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * openSUSE Leap 15.4 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * Basesystem Module 15-SP4 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * Basesystem Module 15-SP5 (noarch) * systemd-rpm-macros-13-150000.7.33.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * systemd-rpm-macros-13-150000.7.33.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211272 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 12:30:12 -0000 Subject: SUSE-RU-2023:2488-1: moderate: Recommended update for ceph, ceph-image, ceph-iscsi Message-ID: <168657301223.14755.2452938845188061873@smelt2.suse.de> # Recommended update for ceph, ceph-image, ceph-iscsi Announcement ID: SUSE-RU-2023:2488-1 Rating: moderate References: * #1199880 * #1201088 * #1208820 * #1209621 * #1210153 * #1210243 * #1210314 * #1210719 * #1210784 * #1210944 * #1211090 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Server 15 SP3 An update that has 11 recommended fixes can now be installed. ## Description: This update for ceph, ceph-image, ceph-iscsi fixes the following issues: * Update to 16.2.13-66-g54799ee0666: * (bsc#1199880) mgr: don't dump global config holding gil * (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears * (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs * (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate * (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments * (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' * (bsc#1210944) cmake: patch boost source to support python 3.11 * (bsc#1211090) fix FTBFS on s390x * Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. * Update to 16.2.11-65-g8b7e6fc0182: * (bsc#1201088) test/librados: fix FTBFS on gcc 13 * (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create * Update to 16.2.11-62-gce6291a3463: * (bsc#1201088) fix FTBFS on gcc 13 * Update to 16.2.13-66-g54799ee0666: * (bsc#1199880) mgr: don't dump global config holding gil * (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears * (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs * (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate * (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments * (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' * (bsc#1210944) cmake: patch boost source to support python 3.11 * (bsc#1211090) fix FTBFS on s390x * Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. * Update to 16.2.11-65-g8b7e6fc0182: * (bsc#1201088) test/librados: fix FTBFS on gcc 13 * (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create * Update to 16.2.11-62-gce6291a3463: * (bsc#1201088) fix FTBFS on gcc 13 * Update to 3.5+1679292226.g8769429: * rbd-target-api: don't ignore controls on disk create (bsc#1208820) * checkin.sh: default to ses7 branch ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2488=1 ## Package List: * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * librbd1-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * ceph-common-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rados-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-cephfs-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * libcephfs2-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * librados2-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rbd-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-cephfs-16.2.13.66+g54799ee0666-150300.3.11.1 * librgw2-16.2.13.66+g54799ee0666-150300.3.11.1 * rbd-nbd-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rados-16.2.13.66+g54799ee0666-150300.3.11.1 * librados2-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * librbd1-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rgw-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rbd-16.2.13.66+g54799ee0666-150300.3.11.1 * libcephfs2-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.3.11.1 * ceph-base-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-rgw-16.2.13.66+g54799ee0666-150300.3.11.1 * rbd-nbd-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * python3-ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 * librgw2-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * ceph-debugsource-16.2.13.66+g54799ee0666-150300.3.11.1 * ceph-base-debuginfo-16.2.13.66+g54799ee0666-150300.3.11.1 * SUSE Enterprise Storage 7.1 (noarch) * cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1199880 * https://bugzilla.suse.com/show_bug.cgi?id=1201088 * https://bugzilla.suse.com/show_bug.cgi?id=1208820 * https://bugzilla.suse.com/show_bug.cgi?id=1209621 * https://bugzilla.suse.com/show_bug.cgi?id=1210153 * https://bugzilla.suse.com/show_bug.cgi?id=1210243 * https://bugzilla.suse.com/show_bug.cgi?id=1210314 * https://bugzilla.suse.com/show_bug.cgi?id=1210719 * https://bugzilla.suse.com/show_bug.cgi?id=1210784 * https://bugzilla.suse.com/show_bug.cgi?id=1210944 * https://bugzilla.suse.com/show_bug.cgi?id=1211090 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 12 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 12 Jun 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2489-1: important: Security update for MozillaFirefox Message-ID: <168658740217.25874.12052933465683757958@smelt2.suse.de> # Security update for MozillaFirefox Announcement ID: SUSE-SU-2023:2489-1 Rating: important References: * #1211922 Cross-References: * CVE-2023-34414 * CVE-2023-34416 CVSS scores: Affected Products: * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for MozillaFirefox fixes the following issues: Extended Support Release 102.12.0 ESR (bsc#1211922): * CVE-2023-34414: Click-jacking certificate exceptions through rendering lag * CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2489=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2489=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2489=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2489=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2489=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2489=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2489=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2489=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2489=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2489=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2489=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2489=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2489=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2489=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-branding-upstream-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.12.0-150200.152.90.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.12.0-150200.152.90.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * MozillaFirefox-devel-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * MozillaFirefox-debugsource-102.12.0-150200.152.90.1 * MozillaFirefox-102.12.0-150200.152.90.1 * MozillaFirefox-debuginfo-102.12.0-150200.152.90.1 * MozillaFirefox-translations-common-102.12.0-150200.152.90.1 * MozillaFirefox-devel-102.12.0-150200.152.90.1 * MozillaFirefox-translations-other-102.12.0-150200.152.90.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34414.html * https://www.suse.com/security/cve/CVE-2023-34416.html * https://bugzilla.suse.com/show_bug.cgi?id=1211922 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 07:02:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:02:40 +0200 (CEST) Subject: SUSE-CU-2023:1835-1: Security update of ses/7.1/cephcsi/cephcsi Message-ID: <20230613070240.3936DF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1835-1 Container Tags : ses/7.1/cephcsi/cephcsi:3.8.0.1 , ses/7.1/cephcsi/cephcsi:3.8.0.1.0.4.5.49 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.8.0.1 , ses/7.1/cephcsi/cephcsi:v3.8.0.1.0 Container Release : 4.5.49 Severity : important Type : security References : 1127591 1186870 1195633 1199282 1199880 1201088 1206513 1207014 1208329 1208820 1209406 1209621 1210153 1210164 1210243 1210314 1210593 1210719 1210784 1210870 1210944 1211090 1211231 1211232 1211233 1211246 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 CVE-2023-30861 ----------------------------------------------------------------- The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2264-1 Released: Mon May 22 12:19:52 2023 Summary: Security update for python-Flask Type: security Severity: important References: 1211246,CVE-2023-30861 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2488-1 Released: Mon Jun 12 11:10:29 2023 Summary: Recommended update for ceph, ceph-image, ceph-iscsi Type: recommended Severity: moderate References: 1199880,1201088,1208820,1209621,1210153,1210243,1210314,1210719,1210784,1210944,1211090 This update for ceph, ceph-image, ceph-iscsi fixes the following issues: - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 3.5+1679292226.g8769429: + rbd-target-api: don't ignore controls on disk create (bsc#1208820) - checkin.sh: default to ses7 branch The following package changes have been done: - ceph-base-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-iscsi-3.5+1679292226.g8769429-150300.3.6.1 updated - ceph-mds-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-dashboard-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-modules-core-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-rook-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mon-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-osd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-prometheus-alerts-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-radosgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcephfs2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcephsqlite-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - librados2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librbd1-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librgw2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - python3-Flask-1.0.2-150100.6.3.1 updated - python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-cephfs-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-rados-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rbd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - rbd-mirror-16.2.13.66+g54799ee0666-150300.3.11.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:ceph-image-1.0.0-4.7.2 updated From sle-updates at lists.suse.com Tue Jun 13 07:02:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:02:49 +0200 (CEST) Subject: SUSE-CU-2023:1836-1: Security update of ses/7.1/ceph/grafana Message-ID: <20230613070249.C7AA8F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1836-1 Container Tags : ses/7.1/ceph/grafana:8.5.22 , ses/7.1/ceph/grafana:8.5.22.3.4.77 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific Container Release : 3.4.77 Severity : important Type : security References : 1065270 1127591 1195633 1199132 1199880 1201088 1203599 1204585 1206513 1207571 1207957 1207975 1207992 1208329 1208358 1208819 1208820 1208821 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209621 1209624 1209645 1209713 1209714 1209873 1209878 1210135 1210153 1210164 1210243 1210314 1210411 1210412 1210434 1210507 1210593 1210719 1210784 1210870 1210944 1211090 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0507 CVE-2023-0594 CVE-2023-0687 CVE-2023-1410 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1904-1 Released: Wed Apr 19 05:09:21 2023 Summary: Security update for grafana Type: security Severity: important References: 1208819,1208821,1209645,CVE-2023-0507,CVE-2023-0594,CVE-2023-1410 This version update from 8.5.20 to 8.5.22 for grafana fixes the following issues: - Security issues fixed: * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645) * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821) * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819) - The following non-security bug was fixed: * Login: Fix panic when UpsertUser is called without ReqContext ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2488-1 Released: Mon Jun 12 11:10:29 2023 Summary: Recommended update for ceph, ceph-image, ceph-iscsi Type: recommended Severity: moderate References: 1199880,1201088,1208820,1209621,1210153,1210243,1210314,1210719,1210784,1210944,1211090 This update for ceph, ceph-image, ceph-iscsi fixes the following issues: - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 3.5+1679292226.g8769429: + rbd-target-api: don't ignore controls on disk create (bsc#1208820) - checkin.sh: default to ses7 branch The following package changes have been done: - ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.3.11.1 updated - glibc-2.31-150300.46.1 updated - grafana-8.5.22-150200.3.38.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.11-150200.61.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:02:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:02:59 +0200 (CEST) Subject: SUSE-CU-2023:1837-1: Security update of ses/7.1/ceph/haproxy Message-ID: <20230613070259.0A48EF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/haproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1837-1 Container Tags : ses/7.1/ceph/haproxy:2.0.31 , ses/7.1/ceph/haproxy:2.0.31.3.5.422 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific Container Release : 3.5.422 Severity : important Type : security References : 1127591 1195633 1206513 1208329 1209406 1210164 1210593 1210870 1211144 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - util-linux-2.36.2-150300.4.35.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xxd-9.0.1443-150000.5.43.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:08 +0200 (CEST) Subject: SUSE-CU-2023:1838-1: Security update of ses/7.1/ceph/ceph Message-ID: <20230613070308.36366F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1838-1 Container Tags : ses/7.1/ceph/ceph:16.2.13.66 , ses/7.1/ceph/ceph:16.2.13.66.4.7.2 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific Container Release : 4.7.2 Severity : important Type : security References : 1065270 1127591 1186870 1195633 1199132 1199282 1199880 1200710 1201088 1201617 1203201 1203599 1203746 1204585 1206483 1206513 1206781 1207014 1207022 1207571 1207843 1207957 1207975 1207992 1208036 1208283 1208329 1208358 1208820 1208905 1209122 1209209 1209210 1209211 1209212 1209214 1209361 1209362 1209406 1209533 1209621 1209624 1209713 1209714 1209873 1209878 1210135 1210153 1210164 1210243 1210314 1210411 1210412 1210434 1210507 1210593 1210719 1210784 1210870 1210944 1211090 1211231 1211232 1211233 1211246 1211339 1211430 1211795 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-23931 CVE-2023-24593 CVE-2023-25180 CVE-2023-25577 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 CVE-2023-30861 ----------------------------------------------------------------- The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1693-1 Released: Thu Mar 30 10:16:39 2023 Summary: Security update for python-Werkzeug Type: security Severity: important References: 1208283,CVE-2023-25577 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1757-1 Released: Tue Apr 4 13:18:19 2023 Summary: Recommended update for smartmontools Type: recommended Severity: important References: 1208905 This update for smartmontools fixes the following issues: - Fix `smartctl` issue affecting NVMe on big endian systems (bsc#1208905) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1954-1 Released: Mon Apr 24 11:10:40 2023 Summary: Recommended update for xmlsec1 Type: recommended Severity: low References: 1201617 This update for xmlsec1 fixes the following issue: - Ship missing xmlsec1 to synchronize its version across different products (bsc#1201617) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2264-1 Released: Mon May 22 12:19:52 2023 Summary: Security update for python-Flask Type: security Severity: important References: 1211246,CVE-2023-30861 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2488-1 Released: Mon Jun 12 11:10:29 2023 Summary: Recommended update for ceph, ceph-image, ceph-iscsi Type: recommended Severity: moderate References: 1199880,1201088,1208820,1209621,1210153,1210243,1210314,1210719,1210784,1210944,1211090 This update for ceph, ceph-image, ceph-iscsi fixes the following issues: - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 3.5+1679292226.g8769429: + rbd-target-api: don't ignore controls on disk create (bsc#1208820) - checkin.sh: default to ses7 branch The following package changes have been done: - ceph-base-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-iscsi-3.5+1679292226.g8769429-150300.3.6.1 updated - ceph-mds-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-dashboard-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-modules-core-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-rook-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mon-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-osd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-prometheus-alerts-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-radosgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-16.2.13.66+g54799ee0666-150300.3.11.1 updated - glib2-tools-2.62.6-150200.3.15.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcephfs2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcephsqlite-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgio-2_0-0-2.62.6-150200.3.15.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libgmodule-2_0-0-2.62.6-150200.3.15.1 updated - libgobject-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - librados2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librbd1-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librgw2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libxmlsec1-1-1.2.28-150100.7.13.4 updated - libxmlsec1-openssl1-1.2.28-150100.7.13.4 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.11-150200.61.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - nfs-kernel-server-2.1.1-150100.10.32.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - python3-Flask-1.0.2-150100.6.3.1 updated - python3-Werkzeug-1.0.1-150300.3.3.1 updated - python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-cephfs-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-cryptography-3.3.2-150200.19.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-rados-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rbd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - rbd-mirror-16.2.13.66+g54799ee0666-150300.3.11.1 updated - shadow-4.8.1-150300.4.6.1 updated - smartmontools-7.2-150300.8.8.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-systemd-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:16 +0200 (CEST) Subject: SUSE-CU-2023:1839-1: Security update of ses/7.1/ceph/keepalived Message-ID: <20230613070316.F41C6F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/keepalived ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1839-1 Container Tags : ses/7.1/ceph/keepalived:2.0.19 , ses/7.1/ceph/keepalived:2.0.19.3.5.405 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific Container Release : 3.5.405 Severity : important Type : security References : 1065270 1127591 1178233 1195633 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206513 1206949 1207294 1207571 1207957 1207975 1207992 1208329 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210164 1210411 1210412 1210434 1210507 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/keepalived was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.11-150200.61.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:24 +0200 (CEST) Subject: SUSE-CU-2023:1840-1: Security update of ses/7.1/cephcsi/csi-attacher Message-ID: <20230613070324.DE66EF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1840-1 Container Tags : ses/7.1/cephcsi/csi-attacher:v3.5.0 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.5.0-rev1-build2.2.463 Container Release : 2.2.463 Severity : important Type : security References : 1065270 1127591 1178233 1195633 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206513 1206949 1207294 1207571 1207957 1207975 1207992 1208329 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210164 1210411 1210412 1210434 1210507 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-attacher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.11-150200.61.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:32 +0200 (CEST) Subject: SUSE-CU-2023:1841-1: Security update of ses/7.1/cephcsi/csi-node-driver-registrar Message-ID: <20230613070332.AA3F2F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1841-1 Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.1-rev1-build2.2.470 Container Release : 2.2.470 Severity : important Type : security References : 1127591 1195633 1206513 1208329 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:40 +0200 (CEST) Subject: SUSE-CU-2023:1842-1: Security update of ses/7.1/cephcsi/csi-provisioner Message-ID: <20230613070340.AE8EDF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1842-1 Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.2.1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.2.1-rev1-build2.2.459 Container Release : 2.2.459 Severity : important Type : security References : 1127591 1195633 1206513 1208329 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-provisioner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:49 +0200 (CEST) Subject: SUSE-CU-2023:1843-1: Security update of ses/7.1/cephcsi/csi-resizer Message-ID: <20230613070349.684A8F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1843-1 Container Tags : ses/7.1/cephcsi/csi-resizer:v1.5.0 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.5.0-rev1-build2.2.452 Container Release : 2.2.452 Severity : important Type : security References : 1127591 1195633 1206513 1208329 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-resizer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:1844-1: Security update of ses/7.1/cephcsi/csi-snapshotter Message-ID: <20230613070356.B9A11F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1844-1 Container Tags : ses/7.1/cephcsi/csi-snapshotter:v6.0.1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v6.0.1-rev1-build2.2.454 Container Release : 2.2.454 Severity : important Type : security References : 1065270 1127591 1178233 1195633 1199132 1203248 1203249 1203599 1203715 1204548 1204585 1204956 1205570 1205636 1206513 1206949 1207294 1207571 1207957 1207975 1207992 1208329 1208358 1209122 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209624 1209713 1209714 1209873 1209878 1210135 1210164 1210411 1210412 1210434 1210507 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2021-3541 CVE-2022-29824 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-23916 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/cephcsi/csi-snapshotter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - glibc-2.31-150300.46.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.11-150200.61.1 updated - login_defs-4.8.1-150300.4.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150300.4.6.1 updated - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:04:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:04:04 +0200 (CEST) Subject: SUSE-CU-2023:1845-1: Security update of ses/7.1/ceph/prometheus-alertmanager Message-ID: <20230613070404.84470F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1845-1 Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.452 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific Container Release : 3.2.452 Severity : important Type : security References : 1127591 1195633 1197284 1203185 1206513 1208051 1208060 1208064 1208329 1208965 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2022-27191 CVE-2022-27664 CVE-2022-46146 CVE-2022-46146 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-alertmanager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2181-1 Released: Thu May 11 18:49:16 2023 Summary: Security update for SUSE Manager 4.3: Server Type: security Severity: important References: 1208060,1208965,CVE-2022-46146 Security update for SUSE Manager 4.3: Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2187-1 Released: Thu May 11 18:59:16 2023 Summary: Security update for Prometheus Golang clients Type: security Severity: moderate References: 1197284,1203185,1208051,1208064,CVE-2022-27191,CVE-2022-27664,CVE-2022-46146 This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats - Change build requirement to go1.18 or higher (previously this was fixed to version 1.14) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - golang-github-prometheus-alertmanager-0.23.0-150100.4.13.2 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - system-user-prometheus-1.0.0-150000.8.4 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:04:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:04:12 +0200 (CEST) Subject: SUSE-CU-2023:1846-1: Security update of ses/7.1/ceph/prometheus-node-exporter Message-ID: <20230613070412.980AFF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1846-1 Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.5.0 , ses/7.1/ceph/prometheus-node-exporter:1.5.0.3.2.442 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific Container Release : 3.2.442 Severity : important Type : security References : 1127591 1195633 1197284 1203185 1206513 1208051 1208064 1208329 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2022-27191 CVE-2022-27664 CVE-2022-46146 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-node-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2187-1 Released: Thu May 11 18:59:16 2023 Summary: Security update for Prometheus Golang clients Type: security Severity: moderate References: 1197284,1203185,1208051,1208064,CVE-2022-27191,CVE-2022-27664,CVE-2022-46146 This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues: golang-github-prometheus-alertmanager: - Security issues fixed: * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051) golang-github-prometheus-node_exporter: - Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578): * CVE-2022-27191: Update go/x/crypto (bsc#1197284) * CVE-2022-27664: Update go/x/net (bsc#1203185) * CVE-2022-46146: Update exporter-toolkit (bsc#1208064) - Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578): * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads. * [BUGFIX] Fix hwmon label sanitizer * [BUGFIX] Use native endianness when encoding InetDiagMsg * [BUGFIX] Fix btrfs device stats always being zero * [BUGFIX] Fix diskstats exclude flags * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning * [BUGFIX] Fix concurrency issue in ethtool collector * [BUGFIX] Fix concurrency issue in netdev collector * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes * [BUGFIX] Fix iostat on macos broken by deprecation warning * [BUGFIX] Fix NodeFileDescriptorLimit alerts * [BUGFIX] Sanitize rapl zone names * [BUGFIX] Add file descriptor close safely in test * [BUGFIX] Fix race condition in os_release.go * [BUGFIX] Skip ZFS IO metrics if their paths are missing * [BUGFIX] Handle nil CPU thermal power status on M1 * [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE * [BUGFIX] Sanitize UTF-8 in dmi collector * [CHANGE] Merge metrics descriptions in textfile collector * [FEATURE] Add multiple listeners and systemd socket listener activation * [FEATURE] [node-mixin] Add darwin dashboard to mixin * [FEATURE] Add 'isolated' metric on cpu collector on linux * [FEATURE] Add cgroup summary collector * [FEATURE] Add selinux collector * [FEATURE] Add slab info collector * [FEATURE] Add sysctl collector * [FEATURE] Also track the CPU Spin time for OpenBSD systems * [FEATURE] Add support for MacOS version * [ENHANCEMENT] Add RTNL version of netclass collector * [ENHANCEMENT] [node-mixin] Add missing selectors * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default * [ENHANCEMENT] [node-mixin] Change disk graph to disk table * [ENHANCEMENT] [node-mixin] Change io time units to %util * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin * [ENHANCEMENT] Add device filter flags to arp collector * [ENHANCEMENT] Add diskstats include and exclude device flags * [ENHANCEMENT] Add node_softirqs_total metric * [ENHANCEMENT] Add rapl zone name label option * [ENHANCEMENT] Add slabinfo collector * [ENHANCEMENT] Allow user to select port on NTP server to query * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev * [ENHANCEMENT] Enable builds against older macOS SDK * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name * [ENHANCEMENT] systemd: Expose systemd minor version * [ENHANCEMENT] Use netlink for tcpstat collector * [ENHANCEMENT] Use netlink to get netdev stats * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles * [ENHANCEMENT] Add btrfs device error stats - Change build requirement to go1.18 or higher (previously this was fixed to version 1.14) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - golang-github-prometheus-node_exporter-1.5.0-150100.3.23.2 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:04:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:04:20 +0200 (CEST) Subject: SUSE-CU-2023:1847-1: Security update of ses/7.1/ceph/prometheus-server Message-ID: <20230613070420.EA72AF3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1847-1 Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.435 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific Container Release : 3.2.435 Severity : important Type : security References : 1127591 1195633 1200441 1206513 1208060 1208329 1208965 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2022-46146 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2172-1 Released: Thu May 11 11:46:25 2023 Summary: Security update for golang-github-prometheus-prometheus Type: security Severity: important References: 1200441 This update of golang-github-prometheus-prometheus fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2181-1 Released: Thu May 11 18:49:16 2023 Summary: Security update for SUSE Manager 4.3: Server Type: security Severity: important References: 1208060,1208965,CVE-2022-46146 Security update for SUSE Manager 4.3: Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - golang-github-prometheus-prometheus-2.32.1-150100.4.14.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - system-user-prometheus-1.0.0-150000.8.4 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:04:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:04:29 +0200 (CEST) Subject: SUSE-CU-2023:1848-1: Security update of ses/7.1/ceph/prometheus-snmp_notifier Message-ID: <20230613070429.04AF7F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1848-1 Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.423 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific Container Release : 2.2.423 Severity : important Type : security References : 1127591 1195633 1206513 1208060 1208329 1208965 1209406 1210164 1210593 1210870 1211231 1211232 1211233 1211339 1211430 1211795 CVE-2022-46146 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 ----------------------------------------------------------------- The container ses/7.1/ceph/prometheus-snmp_notifier was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2181-1 Released: Thu May 11 18:49:16 2023 Summary: Security update for SUSE Manager 4.3: Server Type: security Severity: important References: 1208060,1208965,CVE-2022-46146 Security update for SUSE Manager 4.3: Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libblkid1-2.36.2-150300.4.35.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - system-user-prometheus-1.0.0-150000.8.4 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:04:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:04:40 +0200 (CEST) Subject: SUSE-CU-2023:1849-1: Security update of ses/7.1/rook/ceph Message-ID: <20230613070440.80869F3CC@maintenance.suse.de> SUSE Container Update Advisory: ses/7.1/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1849-1 Container Tags : ses/7.1/rook/ceph:1.10.1 , ses/7.1/rook/ceph:1.10.1.16 , ses/7.1/rook/ceph:1.10.1.16.4.5.420 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific Container Release : 4.5.420 Severity : important Type : security References : 1127591 1186870 1195633 1199282 1199880 1201088 1206513 1207014 1208329 1208820 1209406 1209621 1210153 1210164 1210243 1210314 1210593 1210719 1210784 1210870 1210944 1211090 1211231 1211232 1211233 1211246 1211339 1211430 1211795 CVE-2023-2650 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-2953 CVE-2023-30861 ----------------------------------------------------------------- The container ses/7.1/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2264-1 Released: Mon May 22 12:19:52 2023 Summary: Security update for python-Flask Type: security Severity: important References: 1211246,CVE-2023-30861 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2488-1 Released: Mon Jun 12 11:10:29 2023 Summary: Recommended update for ceph, ceph-image, ceph-iscsi Type: recommended Severity: moderate References: 1199880,1201088,1208820,1209621,1210153,1210243,1210314,1210719,1210784,1210944,1211090 This update for ceph, ceph-image, ceph-iscsi fixes the following issues: - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 16.2.13-66-g54799ee0666: + (bsc#1199880) mgr: don't dump global config holding gil + (bsc#1209621) cephadm: fix NFS haproxy failover if active node disappears + (bsc#1210153) mgr/cephadm: fix handling of mgr upgrades with 3 or more mgrs + (bsc#1210243, bsc#1210314) ceph-volume: fix regression in activate + (bsc#1210719) cephadm: mount host /etc/hosts for daemon containers in podman deployments + (bsc#1210784) mgr/dashboard: Fix SSO error: 'str' object has no attribute 'decode' + (bsc#1210944) cmake: patch boost source to support python 3.11 + (bsc#1211090) fix FTBFS on s390x - Add _multibuild to define additional spec files as additional flavors. Eliminates the need for source package links in OBS. - Update to 16.2.11-65-g8b7e6fc0182: + (bsc#1201088) test/librados: fix FTBFS on gcc 13 + (bsc#1208820) mgr/dashboard: allow to pass controls on iscsi disk create - Update to 16.2.11-62-gce6291a3463: + (bsc#1201088) fix FTBFS on gcc 13 - Update to 3.5+1679292226.g8769429: + rbd-target-api: don't ignore controls on disk create (bsc#1208820) - checkin.sh: default to ses7 branch The following package changes have been done: - ceph-base-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-grafana-dashboards-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-iscsi-3.5+1679292226.g8769429-150300.3.6.1 updated - ceph-mds-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-dashboard-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-modules-core-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-rook-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mgr-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-mon-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-osd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-prometheus-alerts-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-radosgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - cephadm-16.2.13.66+g54799ee0666-150300.3.11.1 updated - ceph-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcephfs2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcephsqlite-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libopenssl1_1-hmac-1.1.1d-150200.11.65.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - librados2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librbd1-16.2.13.66+g54799ee0666-150300.3.11.1 updated - librgw2-16.2.13.66+g54799ee0666-150300.3.11.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzypp-17.31.11-150200.61.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - python3-Flask-1.0.2-150100.6.3.1 updated - python3-ceph-argparse-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-ceph-common-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-cephfs-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-rados-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rbd-16.2.13.66+g54799ee0666-150300.3.11.1 updated - python3-rgw-16.2.13.66+g54799ee0666-150300.3.11.1 updated - rbd-mirror-16.2.13.66+g54799ee0666-150300.3.11.1 updated - util-linux-systemd-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated - zypper-1.14.60-150200.51.1 updated - container:sles15-image-15.0.0-17.20.146 updated From sle-updates at lists.suse.com Tue Jun 13 07:08:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:08:34 +0200 (CEST) Subject: SUSE-CU-2023:1852-1: Security update of suse/sle15 Message-ID: <20230613070834.7BDC8F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1852-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.304 Container Release : 9.5.304 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 07:09:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:09:32 +0200 (CEST) Subject: SUSE-CU-2023:1853-1: Security update of bci/dotnet-aspnet Message-ID: <20230613070932.23F9EF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1853-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-32.3 , bci/dotnet-aspnet:6.0.16 , bci/dotnet-aspnet:6.0.16-32.3 Container Release : 32.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 07:09:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:09:47 +0200 (CEST) Subject: SUSE-CU-2023:1854-1: Security update of bci/dotnet-aspnet Message-ID: <20230613070947.B5CB6F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1854-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-12.3 , bci/dotnet-aspnet:7.0.5 , bci/dotnet-aspnet:7.0.5-12.3 , bci/dotnet-aspnet:latest Container Release : 12.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 07:10:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:10:02 +0200 (CEST) Subject: SUSE-CU-2023:1855-1: Security update of suse/registry Message-ID: <20230613071002.BD8D3F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1855-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-11.3 , suse/registry:latest Container Release : 11.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 07:11:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:11:05 +0200 (CEST) Subject: SUSE-CU-2023:1856-1: Security update of bci/dotnet-sdk Message-ID: <20230613071105.F27E5F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1856-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-34.3 , bci/dotnet-sdk:6.0.16 , bci/dotnet-sdk:6.0.16-34.3 Container Release : 34.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 07:11:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 09:11:27 +0200 (CEST) Subject: SUSE-CU-2023:1857-1: Security update of bci/dotnet-sdk Message-ID: <20230613071127.1524AF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1857-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-13.3 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-13.3 , bci/dotnet-sdk:latest Container Release : 13.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 08:07:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:07:30 +0200 (CEST) Subject: SUSE-CU-2023:1857-1: Security update of bci/dotnet-sdk Message-ID: <20230613080730.EEBABF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1857-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-13.3 , bci/dotnet-sdk:7.0.5 , bci/dotnet-sdk:7.0.5-13.3 , bci/dotnet-sdk:latest Container Release : 13.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 08:08:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:08:27 +0200 (CEST) Subject: SUSE-CU-2023:1858-1: Security update of bci/dotnet-runtime Message-ID: <20230613080827.9299CF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1858-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-31.3 , bci/dotnet-runtime:6.0.16 , bci/dotnet-runtime:6.0.16-31.3 Container Release : 31.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Tue Jun 13 08:08:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:08:43 +0200 (CEST) Subject: SUSE-CU-2023:1859-1: Security update of bci/dotnet-runtime Message-ID: <20230613080843.B7181F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1859-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-12.2 , bci/dotnet-runtime:7.0.5 , bci/dotnet-runtime:7.0.5-12.2 , bci/dotnet-runtime:latest Container Release : 12.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:09:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:09:38 +0200 (CEST) Subject: SUSE-CU-2023:1860-1: Security update of bci/openjdk Message-ID: <20230613080938.83140F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1860-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-36.2 Container Release : 36.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:10:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:10:06 +0200 (CEST) Subject: SUSE-CU-2023:1861-1: Security update of bci/openjdk Message-ID: <20230613081006.3B2AEF3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1861-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-14.2 , bci/openjdk:latest Container Release : 14.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:10:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:10:54 +0200 (CEST) Subject: SUSE-CU-2023:1862-1: Security update of bci/python Message-ID: <20230613081054.5E526F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1862-1 Container Tags : bci/python:3 , bci/python:3-14.3 , bci/python:3.10 , bci/python:3.10-14.3 Container Release : 14.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:10:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:10:57 +0200 (CEST) Subject: SUSE-CU-2023:1863-1: Security update of bci/python Message-ID: <20230613081057.E9386F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1863-1 Container Tags : bci/python:3 , bci/python:3-3.2 , bci/python:3.11 , bci/python:3.11-3.2 , bci/python:latest Container Release : 3.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:11:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:11:49 +0200 (CEST) Subject: SUSE-CU-2023:1864-1: Security update of bci/python Message-ID: <20230613081149.A8500F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1864-1 Container Tags : bci/python:3 , bci/python:3-36.2 , bci/python:3.6 , bci/python:3.6-36.2 Container Release : 36.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:12:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:12:38 +0200 (CEST) Subject: SUSE-CU-2023:1865-1: Security update of bci/ruby Message-ID: <20230613081238.2C397F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1865-1 Container Tags : bci/ruby:2 , bci/ruby:2-35.2 , bci/ruby:2.5 , bci/ruby:2.5-35.2 , bci/ruby:latest Container Release : 35.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:13:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:13:17 +0200 (CEST) Subject: SUSE-CU-2023:1866-1: Security update of suse/sle15 Message-ID: <20230613081317.AB607F3CC@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1866-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.67 , suse/sle15:15.4 , suse/sle15:15.4.27.14.67 Container Release : 27.14.67 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Tue Jun 13 08:13:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 10:13:44 +0200 (CEST) Subject: SUSE-CU-2023:1867-1: Security update of bci/bci-init Message-ID: <20230613081344.C7B52F3CC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1867-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.5.3 Container Release : 5.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-36.5.2 updated From sle-updates at lists.suse.com Tue Jun 13 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 08:30:03 -0000 Subject: SUSE-SU-2023:2491-1: important: Security update for java-1_8_0-ibm Message-ID: <168664500335.5086.6004963730264403096@smelt2.suse.de> # Security update for java-1_8_0-ibm Announcement ID: SUSE-SU-2023:2491-1 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 * #1210711 * #1210826 * #1211615 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 * CVE-2023-2597 * CVE-2023-30441 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-2597 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2597 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-30441 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves nine vulnerabilities and has one fix can now be installed. ## Description: This update for java-1_8_0-ibm fixes the following issues: * CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628). * CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631). * CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632). * CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634). * CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637). * CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615). * CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636). * CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635). Additional reference fixed already in 8.0.7.15: * CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2491=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2491=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2491=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2491=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2491=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2491=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2491=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2491=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2491=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2491=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2491=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2491=1 ## Package List: * SUSE Enterprise Storage 7.1 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Enterprise Storage 7.1 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Enterprise Storage 7 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Enterprise Storage 7 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE CaaS Platform 4.0 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.4 (x86_64) * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.5 (x86_64) * java-1_8_0-ibm-devel-32bit-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-32bit-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-src-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-demo-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP4 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP4 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP4 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP5 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP5 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * Legacy Module 15-SP5 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (nosrc x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc ppc64le s390x x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le s390x x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1 * java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://www.suse.com/security/cve/CVE-2023-2597.html * https://www.suse.com/security/cve/CVE-2023-30441.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 * https://bugzilla.suse.com/show_bug.cgi?id=1210711 * https://bugzilla.suse.com/show_bug.cgi?id=1210826 * https://bugzilla.suse.com/show_bug.cgi?id=1211615 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2490-1: important: Security update for libwebp Message-ID: <168664500541.5086.8607284108375003944@smelt2.suse.de> # Security update for libwebp Announcement ID: SUSE-SU-2023:2490-1 Rating: important References: * #1210212 Cross-References: * CVE-2023-1999 CVSS scores: * CVE-2023-1999 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libwebp fixes the following issues: * CVE-2023-1999: Fixed a double free (bsc#1210212). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2490=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2490=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2490=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2490=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2490=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwebpdecoder2-0.5.0-150000.3.11.1 * libwebpdecoder2-debuginfo-0.5.0-150000.3.11.1 * libwebpextras0-debuginfo-0.5.0-150000.3.11.1 * libwebp6-0.5.0-150000.3.11.1 * libwebpmux2-0.5.0-150000.3.11.1 * libwebp6-debuginfo-0.5.0-150000.3.11.1 * libwebpextras0-0.5.0-150000.3.11.1 * libwebpmux2-debuginfo-0.5.0-150000.3.11.1 * openSUSE Leap 15.4 (x86_64) * libwebpmux2-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebpextras0-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebpmux2-32bit-0.5.0-150000.3.11.1 * libwebp6-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebpdecoder2-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebp6-32bit-0.5.0-150000.3.11.1 * libwebpdecoder2-32bit-0.5.0-150000.3.11.1 * libwebpextras0-32bit-0.5.0-150000.3.11.1 * SUSE Package Hub 15 15-SP4 (x86_64) * libwebp6-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebp-debugsource-0.5.0-150000.3.11.1 * libwebp6-32bit-0.5.0-150000.3.11.1 * SUSE Package Hub 15 15-SP5 (x86_64) * libwebp6-32bit-debuginfo-0.5.0-150000.3.11.1 * libwebp6-32bit-0.5.0-150000.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * libwebp6-0.5.0-150000.3.11.1 * libwebp-debugsource-0.5.0-150000.3.11.1 * libwebp6-debuginfo-0.5.0-150000.3.11.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * libwebp6-0.5.0-150000.3.11.1 * libwebp-debugsource-0.5.0-150000.3.11.1 * libwebp6-debuginfo-0.5.0-150000.3.11.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1999.html * https://bugzilla.suse.com/show_bug.cgi?id=1210212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:02 -0000 Subject: SUSE-SU-2023:2505-1: important: Security update for tomcat Message-ID: <168667380267.15398.6278390945184238800@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:2505-1 Rating: important References: * #1208513 * #1211608 Cross-References: * CVE-2023-24998 * CVE-2023-28709 CVSS scores: * CVE-2023-24998 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24998 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28709 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for tomcat fixes the following issues: Updated to version 9.0.75: \- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2505=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2505=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2505=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2505=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2505=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2505=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2505=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2505=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2505=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2505=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2505=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2505=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2505=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2505=1 ## Package List: * SUSE Enterprise Storage 7 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * openSUSE Leap 15.4 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-javadoc-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-docs-webapp-9.0.75-150200.41.1 * tomcat-embed-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-jsvc-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * openSUSE Leap 15.5 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-javadoc-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-docs-webapp-9.0.75-150200.41.1 * tomcat-embed-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-jsvc-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * Web and Scripting Module 15-SP4 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * Web and Scripting Module 15-SP5 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Manager Server 4.2 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 * SUSE Enterprise Storage 7.1 (noarch) * tomcat-admin-webapps-9.0.75-150200.41.1 * tomcat-9.0.75-150200.41.1 * tomcat-lib-9.0.75-150200.41.1 * tomcat-webapps-9.0.75-150200.41.1 * tomcat-jsp-2_3-api-9.0.75-150200.41.1 * tomcat-servlet-4_0-api-9.0.75-150200.41.1 * tomcat-el-3_0-api-9.0.75-150200.41.1 ## References: * https://www.suse.com/security/cve/CVE-2023-24998.html * https://www.suse.com/security/cve/CVE-2023-28709.html * https://bugzilla.suse.com/show_bug.cgi?id=1208513 * https://bugzilla.suse.com/show_bug.cgi?id=1211608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2504-1: important: Security update for tomcat Message-ID: <168667380466.15398.16197694770140648237@smelt2.suse.de> # Security update for tomcat Announcement ID: SUSE-SU-2023:2504-1 Rating: important References: * #1211608 Cross-References: * CVE-2023-28709 CVSS scores: * CVE-2023-28709 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28709 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for tomcat fixes the following issues: * CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1211608). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2504=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2504=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2504=1 ## Package List: * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * tomcat-servlet-4_0-api-9.0.36-150100.4.93.1 * tomcat-el-3_0-api-9.0.36-150100.4.93.1 * tomcat-admin-webapps-9.0.36-150100.4.93.1 * tomcat-9.0.36-150100.4.93.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.93.1 * tomcat-lib-9.0.36-150100.4.93.1 * tomcat-webapps-9.0.36-150100.4.93.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * tomcat-servlet-4_0-api-9.0.36-150100.4.93.1 * tomcat-el-3_0-api-9.0.36-150100.4.93.1 * tomcat-admin-webapps-9.0.36-150100.4.93.1 * tomcat-9.0.36-150100.4.93.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.93.1 * tomcat-lib-9.0.36-150100.4.93.1 * tomcat-webapps-9.0.36-150100.4.93.1 * SUSE CaaS Platform 4.0 (noarch) * tomcat-servlet-4_0-api-9.0.36-150100.4.93.1 * tomcat-el-3_0-api-9.0.36-150100.4.93.1 * tomcat-admin-webapps-9.0.36-150100.4.93.1 * tomcat-9.0.36-150100.4.93.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.93.1 * tomcat-lib-9.0.36-150100.4.93.1 * tomcat-webapps-9.0.36-150100.4.93.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * tomcat-servlet-4_0-api-9.0.36-150100.4.93.1 * tomcat-el-3_0-api-9.0.36-150100.4.93.1 * tomcat-admin-webapps-9.0.36-150100.4.93.1 * tomcat-9.0.36-150100.4.93.1 * tomcat-jsp-2_3-api-9.0.36-150100.4.93.1 * tomcat-lib-9.0.36-150100.4.93.1 * tomcat-webapps-9.0.36-150100.4.93.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28709.html * https://bugzilla.suse.com/show_bug.cgi?id=1211608 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2503-1: moderate: Security update for openldap2 Message-ID: <168667380627.15398.14026661339679263187@smelt2.suse.de> # Security update for openldap2 Announcement ID: SUSE-SU-2023:2503-1 Rating: moderate References: * #1211795 Cross-References: * CVE-2023-2953 CVSS scores: * CVE-2023-2953 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2953 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Legacy Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openldap2 fixes the following issues: * CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Legacy Module 12 zypper in -t patch SUSE-SLE-Module-Legacy-12-2023-2503=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2503=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-2503=1 ## Package List: * Legacy Module 12 (aarch64 ppc64le s390x x86_64) * compat-libldap-2_3-0-debuginfo-2.3.37-45.1 * compat-libldap-2_3-0-2.3.37-45.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * compat-libldap-2_3-0-debuginfo-2.3.37-45.1 * compat-libldap-2_3-0-2.3.37-45.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * compat-libldap-2_3-0-debuginfo-2.3.37-45.1 * compat-libldap-2_3-0-2.3.37-45.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2953.html * https://bugzilla.suse.com/show_bug.cgi?id=1211795 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:14 -0000 Subject: SUSE-SU-2023:2502-1: important: Security update for the Linux Kernel Message-ID: <168667381424.15398.15862405825627900965@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2502-1 Rating: important References: * #1199636 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1208474 * #1208604 * #1209287 * #1209779 * #1210715 * #1210783 * #1210940 * #1211037 * #1211043 * #1211105 * #1211131 * #1211186 * #1211203 * #1211590 * #1211592 * #1211596 * #1211622 Cross-References: * CVE-2020-36694 * CVE-2022-3566 * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1079 * CVE-2023-1380 * CVE-2023-1637 * CVE-2023-2156 * CVE-2023-2194 * CVE-2023-23586 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32233 * CVE-2023-32269 * CVE-2023-33288 CVSS scores: * CVE-2020-36694 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23586 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Real Time Module 15-SP3 An update that solves 21 vulnerabilities and has four fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * SUNRPC: Ensure the transport backchannel association (bsc#1211203). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Real Time Module 15-SP3 zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-2502=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2502=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2502=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2502=1 ## Package List: * SUSE Real Time Module 15-SP3 (x86_64) * kernel-rt-devel-5.3.18-150300.130.1 * ocfs2-kmp-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt_debug-devel-debuginfo-5.3.18-150300.130.1 * kernel-rt_debug-devel-5.3.18-150300.130.1 * cluster-md-kmp-rt-5.3.18-150300.130.1 * gfs2-kmp-rt-5.3.18-150300.130.1 * cluster-md-kmp-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt-debugsource-5.3.18-150300.130.1 * dlm-kmp-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt-debuginfo-5.3.18-150300.130.1 * ocfs2-kmp-rt-5.3.18-150300.130.1 * dlm-kmp-rt-5.3.18-150300.130.1 * kernel-rt_debug-debuginfo-5.3.18-150300.130.1 * kernel-rt_debug-debugsource-5.3.18-150300.130.1 * kernel-rt-devel-debuginfo-5.3.18-150300.130.1 * gfs2-kmp-rt-debuginfo-5.3.18-150300.130.1 * kernel-syms-rt-5.3.18-150300.130.1 * SUSE Real Time Module 15-SP3 (noarch) * kernel-devel-rt-5.3.18-150300.130.1 * kernel-source-rt-5.3.18-150300.130.1 * SUSE Real Time Module 15-SP3 (nosrc x86_64) * kernel-rt-5.3.18-150300.130.1 * SUSE Real Time Module 15-SP3 (nosrc) * kernel-rt_debug-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (nosrc x86_64) * kernel-rt-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt-debugsource-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt-debugsource-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64) * kernel-rt-5.3.18-150300.130.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * kernel-rt-debuginfo-5.3.18-150300.130.1 * kernel-rt-debugsource-5.3.18-150300.130.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36694.html * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-23586.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://bugzilla.suse.com/show_bug.cgi?id=1199636 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1208474 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211203 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211596 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:26 -0000 Subject: SUSE-SU-2023:2501-1: important: Security update for the Linux Kernel Message-ID: <168667382666.15398.4549519632700846164@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2501-1 Rating: important References: * #1065729 * #1118212 * #1129770 * #1154048 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1209287 * #1209366 * #1209857 * #1210544 * #1210629 * #1210715 * #1210783 * #1210806 * #1210940 * #1211037 * #1211044 * #1211105 * #1211186 * #1211275 * #1211360 * #1211361 * #1211362 * #1211363 * #1211364 * #1211365 * #1211366 * #1211466 * #1211592 * #1211622 * #1211801 * #1211816 * #1211960 Cross-References: * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1380 * CVE-2023-2176 * CVE-2023-2194 * CVE-2023-2269 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-28466 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32269 CVSS scores: * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise Server 12 SP5 An update that solves 16 vulnerabilities and has 22 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr (PED-3947 bsc#1210544 ltc#202303). * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * IB/hfi1: Assign npages earlier (git-fixes) * IB/iser: bound protection_sg size by data_sg size (git-fixes) * IB/mlx4: Fix memory leaks (git-fixes) * IB/mlx4: Increase the timeout for CM cache (git-fixes) * IB/mlx5: Fix initializing CQ fragments buffer (git-fixes) * IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git- fixes) * IB/usnic: Fix potential deadlock (git-fixes) * KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (git-fixes). * KVM: x86: Update the exit_qualification access bits while walking an address (git-fixes). * KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (git-fixes). * KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). * KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). * KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). * KVM: x86: fix empty-body warnings (git-fixes). * KVM: x86: fix incorrect comparison in trace event (git-fixes). * KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes). * Move upstreamed media fixes into sorted section * PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). * PCI: Call Max Payload Size-related fixup quirks early (git-fixes). * PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). * PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git- fixes). * PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). * PCI: aardvark: Fix checking for PIO status (git-fixes). * PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). * PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). * PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). * RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes) * RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes) * RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes) * RDMA/core: Do not access cm_id after its destruction (git-fixes) * RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes) * RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) * RDMA/hns: Bugfix for querying qkey (git-fixes) * RDMA/i40iw: Fix potential use after free (git-fixes) * RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes) * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes) * RDMA/mlx5: Block delay drop to unprivileged users (git-fixes) * RDMA/rxe: Fix error type of mmap_offset (git-fixes) * RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) * RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git- fixes) * RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) * RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) * RDS: IB: Fix null pointer issue (git-fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes). * USB: dwc3: fix runtime pm imbalance on unbind (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * Update patch reference for libata fix (bsc#1118212). * adm8211: fix error return code in adm8211_probe() (git-fixes). * backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770) * blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275) * ceph: force updating the msg pointer in non-split case (bsc#1211801). * cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: no memory barrier after break from idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544 ltc#202303). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Check font dimension limits (bsc#1154048) * fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048) * fix kcm_clone() (git-fixes). * fotg210-udc: Add missing completion handler (git-fixes). * ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes). * ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes). * ipoib: correcly show a VF hardware address (git-fixes) * ipv4: ipv4_default_advmss() should use route mtu (git-fixes). * ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes). * ipv6: icmp6: Allow icmp messages to be looped back (git-fixes). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * kcm: Check if sk_user_data already set in kcm_attach (git-fixes). * kvm: mmu: Do not read PDPTEs when paging is not enabled (git-fixes). * l2tp: remove configurable payload offset (git-fixes). * l2tp: remove l2specific_len dependency in l2tp_core (git-fixes). * libata: add horkage for ASMedia 1092 (git-fixes). * mac80211: choose first enabled channel for monitor (git-fixes). * mac80211: drop multicast fragments (git-fixes). * mac80211: fix fast-rx encryption check (git-fixes). * mac80211: pause TX while changing interface type (git-fixes). * media: radio-shark: Add endpoint checks (git-fixes). * mlx4: Use snprintf instead of complicated strcpy (git-fixes) * mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211466). * net/tcp/illinois: replace broken algorithm reference link (git-fixes). * net: Extra '_get' in declaration of arch_get_platform_mac_address (git- fixes). * net: amd: add missing of_node_put() (git-fixes). * net: arc_emac: fix arc_emac_rx() error paths (git-fixes). * net: broadcom: fix return type of ndo_start_xmit function (git-fixes). * net: davinci_emac: match the mdio device against its compatible if possible (git-fixes). * net: dsa: b53: Add BCM5389 support (git-fixes). * net: dsa: mt7530: fix module autoloading for OF platform drivers (git- fixes). * net: dsa: qca8k: Add support for QCA8334 switch (git-fixes). * net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes). * net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git- fixes). * net: faraday: fix return type of ndo_start_xmit function (git-fixes). * net: hns3: fix return type of ndo_start_xmit function (git-fixes). * net: ipv6: send NS for DAD when link operationally up (git-fixes). * net: mediatek: setup proper state for disabled GMAC on the default (git- fixes). * net: micrel: fix return type of ndo_start_xmit function (git-fixes). * net: mvneta: fix enable of all initialized RXQs (git-fixes). * net: propagate dev_get_valid_name return code (git-fixes). * net: qca_spi: Fix log level if probe fails (git-fixes). * net: qcom/emac: Use proper free methods during TX (git-fixes). * net: qla3xxx: Remove overflowing shift statement (git-fixes). * net: smsc: fix return type of ndo_start_xmit function (git-fixes). * net: sun: fix return type of ndo_start_xmit function (git-fixes). * net: toshiba: fix return type of ndo_start_xmit function (git-fixes). * net: xfrm: allow clearing socket xfrm policies (git-fixes). * net: xilinx: fix return type of ndo_start_xmit function (git-fixes). * netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes). * netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes). * netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount (git-fixes). * nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: unquiesce admin queue on shutdown (git-fixes). * nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git- fixes). * nvme: Fix u32 overflow in the number of namespace list calculation (git- fixes). * nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes). * nvme: refine the Qemu Identify CNS quirk (git-fixes). * nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes). * platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to 0 (git-fixes). * platform/x86: alienware-wmi: constify attribute_group structures (git- fixes). * platform/x86: alienware-wmi: fix format string overflow warning (git-fixes). * platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer (git-fixes). * platform/x86: dell-laptop: fix rfkill functionality. * platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). * platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). * powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947 bsc#1210544 ltc#202303). * powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544 ltc#202303). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947 bsc#1210544 ltc#202303). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947 bsc#1210544 ltc#202303). * powerpc: Squash lines for simple wrapper functions (bsc#1065729). * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (git-fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes) * s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362). * s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363). * s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360). * s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364). * s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes bsc#1211365). * s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (LTC#202116 bsc#1209857 git-fixes). * s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361). * scsi: qla2xxx: Declare SCSI host template const (bsc#1211960). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: storvsc: Parameterize number hardware queues (bsc#1211622). * sctp: avoid flushing unsent queue when doing asoc reset (git-fixes). * sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes). * sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege (git-fixes). * sctp: make use of pre-calculated len (git-fixes). * seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816). * sit: fix IFLA_MTU ignored on NEWLINK (git-fixes). * stmmac: fix valid numbers of unicast filter entries (git-fixes). * sunvnet: does not support GSO for sctp (git-fixes). * usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes). * usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). * wcn36xx: Add ieee80211 rx status rate information (git-fixes). * wcn36xx: Channel list update before hardware scan (git-fixes). * wcn36xx: Disable bmps when encryption is disabled (git-fixes). * wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). * wcn36xx: Fix TX data path (git-fixes). * wcn36xx: Fix multiple AMPDU sessions support (git-fixes). * wcn36xx: Fix software-driven scan (git-fix). * wcn36xx: Fix warning due to bad rate_idx (git-fixes). * wcn36xx: Increase number of TX retries (git-fixes). * wcn36xx: Specify ieee80211_rx_status.nss (git-fixes). * wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp (git-fixes). * wcn36xx: Use sequence number allocated by mac80211 (git-fixes). * wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes). * wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). * wcn36xx: fix spelling mistake "to" -> "too" (git-fixes). * wcn36xx: fix typo (git-fixes). * wcn36xx: remove unecessary return (git-fixes). * wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86/kvm/vmx: fix old-style function declaration (git-fixes). * x86/kvm: Do not call kvm_spurious_fault() from .fixup (git-fixes). * x86: kvm: avoid constant-conversion warning (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 12 SP5 zypper in -t patch SUSE-SLE-RT-12-SP5-2023-2501=1 ## Package List: * SUSE Linux Enterprise Real Time 12 SP5 (x86_64) * kernel-rt-base-debuginfo-4.12.14-10.127.1 * kernel-rt-devel-debuginfo-4.12.14-10.127.1 * kernel-rt_debug-debuginfo-4.12.14-10.127.1 * kernel-rt_debug-debugsource-4.12.14-10.127.1 * kernel-rt_debug-devel-debuginfo-4.12.14-10.127.1 * kernel-rt-devel-4.12.14-10.127.1 * ocfs2-kmp-rt-debuginfo-4.12.14-10.127.1 * kernel-rt-base-4.12.14-10.127.1 * cluster-md-kmp-rt-4.12.14-10.127.1 * kernel-syms-rt-4.12.14-10.127.1 * ocfs2-kmp-rt-4.12.14-10.127.1 * dlm-kmp-rt-4.12.14-10.127.1 * gfs2-kmp-rt-debuginfo-4.12.14-10.127.1 * kernel-rt_debug-devel-4.12.14-10.127.1 * cluster-md-kmp-rt-debuginfo-4.12.14-10.127.1 * kernel-rt-debugsource-4.12.14-10.127.1 * kernel-rt-debuginfo-4.12.14-10.127.1 * dlm-kmp-rt-debuginfo-4.12.14-10.127.1 * gfs2-kmp-rt-4.12.14-10.127.1 * SUSE Linux Enterprise Real Time 12 SP5 (noarch) * kernel-source-rt-4.12.14-10.127.1 * kernel-devel-rt-4.12.14-10.127.1 * SUSE Linux Enterprise Real Time 12 SP5 (nosrc x86_64) * kernel-rt-4.12.14-10.127.1 * kernel-rt_debug-4.12.14-10.127.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1118212 * https://bugzilla.suse.com/show_bug.cgi?id=1129770 * https://bugzilla.suse.com/show_bug.cgi?id=1154048 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209857 * https://bugzilla.suse.com/show_bug.cgi?id=1210544 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211275 * https://bugzilla.suse.com/show_bug.cgi?id=1211360 * https://bugzilla.suse.com/show_bug.cgi?id=1211361 * https://bugzilla.suse.com/show_bug.cgi?id=1211362 * https://bugzilla.suse.com/show_bug.cgi?id=1211363 * https://bugzilla.suse.com/show_bug.cgi?id=1211364 * https://bugzilla.suse.com/show_bug.cgi?id=1211365 * https://bugzilla.suse.com/show_bug.cgi?id=1211366 * https://bugzilla.suse.com/show_bug.cgi?id=1211466 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211801 * https://bugzilla.suse.com/show_bug.cgi?id=1211816 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:52 -0000 Subject: SUSE-SU-2023:2500-1: important: Security update for the Linux Kernel Message-ID: <168667385290.15398.12824707246883010422@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2500-1 Rating: important References: * #1065729 * #1172073 * #1191731 * #1193629 * #1195655 * #1195921 * #1203906 * #1205650 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1206578 * #1207553 * #1208604 * #1208758 * #1209287 * #1209288 * #1209856 * #1209982 * #1210165 * #1210294 * #1210449 * #1210450 * #1210498 * #1210533 * #1210551 * #1210566 * #1210647 * #1210741 * #1210775 * #1210783 * #1210791 * #1210806 * #1210940 * #1210947 * #1211037 * #1211043 * #1211044 * #1211089 * #1211105 * #1211113 * #1211131 * #1211187 * #1211205 * #1211260 * #1211263 * #1211280 * #1211281 * #1211395 * #1211449 * #1211465 * #1211519 * #1211564 * #1211590 * #1211592 * #1211686 * #1211687 * #1211688 * #1211689 * #1211690 * #1211691 * #1211692 * #1211693 * #1211714 * #1211796 * #1211804 * #1211807 * #1211808 * #1211819 * #1211847 * #1211855 * #1211960 Cross-References: * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1079 * CVE-2023-1380 * CVE-2023-1382 * CVE-2023-2002 * CVE-2023-2124 * CVE-2023-2156 * CVE-2023-2162 * CVE-2023-2269 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-28410 * CVE-2023-3006 * CVE-2023-30456 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32233 * CVE-2023-33288 CVSS scores: * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * Public Cloud Module 15-SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 23 vulnerabilities, contains 14 features and has 52 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: * 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). * ACPI: EC: Fix oops when removing custom query handlers (git-fixes). * ACPI: bus: Ensure that notify handlers are not running after removal (git- fixes). * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * ACPI: tables: Add support for NBFT (bsc#1195921). * ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). * ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git- fixes). * ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). * ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). * ALSA: firewire-digi00x: prevent potential use after free (git-fixes). * ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). * ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). * ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). * ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). * ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). * ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git- fixes). * ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git- fixes). * ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). * ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). * ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). * ALSA: hda: Fix unhandled register update during auto-suspend period (git- fixes). * ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). * ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). * ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). * ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). * ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). * ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). * ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git- fixes). * ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). * ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git- fixes). * ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). * ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). * ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). * ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git- fixes). * Add a bug reference to two existing drm-hyperv changes (bsc#1211281). * Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git- fixes). * Bluetooth: btintel: Add LE States quirk support (git-fixes). * Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git- fixes). * HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). * HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). * HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). * HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). * HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). * HID: wacom: Set a default resolution for older tablets (git-fixes). * HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). * HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). * HID: wacom: generic: Set battery quirk only when we see battery data (git- fixes). * IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) * IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) * IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git- fixes) * IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes) * Input: xpad - add constants for GIP interface numbers (git-fixes). * KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git- fixes). * KVM: Destroy target device if coalesced MMIO unregistration fails (git- fixes) * KVM: Disallow user memslot with size that exceeds "unsigned long" (git- fixes) * KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) * KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) * KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). * KVM: Prevent module exit until all VMs are freed (git-fixes) * KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git- fixes). * KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). * KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git- fixes). * KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). * KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git- fixes). * KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). * KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). * KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git- fixes). * KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git- fixes). * KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git- fixes). * KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). * KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) * KVM: arm64: Do not return from void function (git-fixes) * KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) * KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) * KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) * KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) * KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) * KVM: arm64: Free hypervisor allocations if vector slot init fails (git- fixes) * KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) * KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git- fixes) * KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) * KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) * KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git- fixes) * KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) * KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) * KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) * KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git- fixes). * KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). * KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). * KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git- fixes). * KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git- fixes). * KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). * KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). * KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). * KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). * KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). * KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git- fixes). * KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). * KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git- fixes). * KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git- fixes). * KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). * KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). * KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). * KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). * KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git- fixes). * KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). * KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). * KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). * KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). * KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). * KVM: x86: do not set st->preempted when going back to user space (git- fixes). * KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). * KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). * Move upstreamed media patches into sorted section * PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). * PM: hibernate: Do not get block device exclusively in test_resume mode (git- fixes). * PM: hibernate: Turn snapshot_test into global variable (git-fixes). * PM: hibernate: fix load_image_and_restore() error path (git-fixes). * RDMA/bnxt_re: Fix a possible memory leak (git-fixes) * RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) * RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) * RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) * RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) * RDMA/efa: Fix unsupported page sizes in device (git-fixes) * RDMA/hns: Fix base address table allocation (git-fixes) * RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) * RDMA/hns: Modify the value of long message loopback slice (git-fixes) * RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). * RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). * RDMA/irdma: Fix Local Invalidate fencing (git-fixes) * RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). * RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). * RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). * RDMA/irdma: Prevent QP use after free (git-fixes) * RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). * RDMA/irdma: Remove excess error variables (jsc#SLE-18383). * RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). * RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). * RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) * RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) * RDMA/rdmavt: Delete unnecessary NULL check (git-fixes) * RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes) * RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git- fixes) * RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes) * RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) * RDMA/siw: Fix potential page_array out of range access (git-fixes) * RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) * RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) * SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). * SMB3: Add missing locks to protect deferred close file list (git-fixes). * SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). * SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). * SMB3: drop reference to cfile before sending oplock break (bsc#1193629). * SMB3: force unmount was failing to close deferred close files (bsc#1193629). * SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). * USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). * USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git- fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). * Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are- disa.patch (bsc#1195655 ltc#195733 git-fixes). * Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI- contex.patch (bsc#1195655 ltc#195733). * apparmor: add a kernel label to use on kernel objects (bsc#1211113). * arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). * arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). * arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). * arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). * asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). * ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). * ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). * blacklist.conf: s390/boot: allocate amode31 section in decompressor * blacklist.conf: the commit might cause regression (bsc#1210947) * block: add a bdev_max_zone_append_sectors helper (git-fixes). * bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git- fixes). * bnxt: Do not read past the end of test names (jsc#SLE-18978). * bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). * bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). * bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). * bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). * bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). * bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). * bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). * bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). * can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: kvaser_pciefd: Call request_irq() before enabling interrupts (git- fixes). * can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git- fixes). * can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). * can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). * can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). * can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git- fixes). * can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). * can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). * cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). * ceph: force updating the msg pointer in non-split case (bsc#1211804). * cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). * cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). * cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). * cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). * cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). * cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). * cgroup: reduce dependency on cgroup_mutex (bsc#1205650). * cifs: Avoid a cast in add_lease_context() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). * cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). * cifs: fix potential race when tree connecting ipc (bsc#1208758). * cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). * cifs: fix sharing of DFS connections (bsc#1208758). * cifs: fix smb1 mount regression (bsc#1193629). * cifs: mapchars mount option ignored (bsc#1193629). * cifs: missing lock when updating session status (bsc#1193629). * cifs: print smb3_fs_context::source when mounting (bsc#1193629). * cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). * cifs: protect session status check in smb2_reconnect() (bsc#1208758). * cifs: release leases for deferred close handles when freezing (bsc#1193629). * cifs: sanitize paths in cifs_update_super_prepath (git-fixes). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). * clk: qcom: regmap: add PHY clock source implementation (git-fixes). * clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). * configfs: fix possible memory leak in configfs_create_dir() (git-fixes). * crypto: acomp - define max size for destination (jsc#PED-3692) * crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) * crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) * crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) * crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) * crypto: qat - abstract PFVF receive logic (jsc#PED-3692) * crypto: qat - abstract PFVF send function (jsc#PED-3692) * crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) * crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) * crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) * crypto: qat - add backlog mechanism (jsc#PED-3692) * crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) * crypto: qat - add check to validate firmware images (jsc#PED-3692) * crypto: qat - add limit to linked list parsing (jsc#PED-3692) * crypto: qat - add misc workqueue (jsc#PED-3692) * crypto: qat - add missing restarting event notification in (jsc#PED-3692) * crypto: qat - add param check for DH (jsc#PED-3692) * crypto: qat - add param check for RSA (jsc#PED-3692) * crypto: qat - add pfvf_ops (jsc#PED-3692) * crypto: qat - add resubmit logic for decompression (jsc#PED-3692) * crypto: qat - add support for 401xx devices (jsc#PED-3692) * crypto: qat - add support for compression for 4xxx (jsc#PED-3692) * crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) * crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) * crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) * crypto: qat - change behaviour of (jsc#PED-3692) * crypto: qat - change bufferlist logic interface (jsc#PED-3692) * crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) * crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) * crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) * crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) * crypto: qat - do not rely on min version (jsc#PED-3692) * crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) * crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) * crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) * crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) * crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) * crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - extend buffer list interface (jsc#PED-3692) * crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) * crypto: qat - extract send and wait from (jsc#PED-3692) * crypto: qat - fix DMA transfer direction (jsc#PED-3692) * crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) * crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) * crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) * crypto: qat - fix a typo in a comment (jsc#PED-3692) * crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) * crypto: qat - fix definition of ring reset results (jsc#PED-3692) * crypto: qat - fix error return code in adf_probe (jsc#PED-3692) * crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) * crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) * crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) * crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) * crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) * crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) * crypto: qat - free irq in case of failure (jsc#PED-3692) * crypto: qat - free irqs only if allocated (jsc#PED-3692) * crypto: qat - generalize crypto request buffers (jsc#PED-3692) * crypto: qat - get compression extended capabilities (jsc#PED-3692) * crypto: qat - handle retries due to collisions in (jsc#PED-3692) * crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) * crypto: qat - improve logging of PFVF messages (jsc#PED-3692) * crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) * crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) * crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) * crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) * crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) * crypto: qat - make PFVF message construction direction (jsc#PED-3692) * crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) * crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) * crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) * crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) * crypto: qat - move pfvf collision detection values (jsc#PED-3692) * crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) * crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) * crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) * crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) * crypto: qat - re-enable registration of algorithms (jsc#PED-3692) * crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) * crypto: qat - refactor pfvf version request messages (jsc#PED-3692) * crypto: qat - refactor submission logic (jsc#PED-3692) * crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF disabled function (jsc#PED-3692) * crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) * crypto: qat - relocate backlog related structures (jsc#PED-3692) * crypto: qat - relocate bufferlist logic (jsc#PED-3692) * crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) * crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) * crypto: qat - remove empty sriov_configure() (jsc#PED-3692) * crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) * crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) * crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) * crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) * crypto: qat - remove unneeded assignment (jsc#PED-3692) * crypto: qat - remove unneeded braces (jsc#PED-3692) * crypto: qat - remove unneeded packed attribute (jsc#PED-3692) * crypto: qat - remove unused PFVF stubs (jsc#PED-3692) * crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) * crypto: qat - rename bufferlist functions (jsc#PED-3692) * crypto: qat - rename pfvf collision constants (jsc#PED-3692) * crypto: qat - reorganize PFVF code (jsc#PED-3692) * crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) * crypto: qat - replace deprecated MSI API (jsc#PED-3692) * crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) * crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) * crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) * crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) * crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) * crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) * crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) * crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) * crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) * crypto: qat - stop using iommu_present() (jsc#PED-3692) * crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) * crypto: qat - store the ring-to-service mapping (jsc#PED-3692) * crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) * crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) * crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) * crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) * crypto: qat - use hweight for bit counting (jsc#PED-3692) * crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) * crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) * crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) * crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). * cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). * debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). * dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). * dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). * dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). * dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). * dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). * dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). * dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). * dmaengine: mv_xor_v2: Fix an error code (git-fixes). * do not reuse connection if share marked as isolated (bsc#1193629). * docs: networking: fix x25-iface.rst heading & index order (git-fixes). * drivers: base: component: fix memory leak with using debugfs_lookup() (git- fixes). * drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). * drm/amd/display: Fix hang when skipping modeset (git-fixes). * drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). * drm/amd/display: fix flickering caused by S/G mode (git-fixes). * drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). * drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). * drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git- fixes). * drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). * drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). * drm/amdgpu: update drm_display_info correctly when the edid is read (git- fixes). * drm/displayid: add displayid_get_header() and check bounds better (git- fixes). * drm/exynos: fix g2d_open/close helper function definitions (git-fixes). * drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git- fixes). * drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). * drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). * drm/i915/dp: prevent potential div-by-zero (git-fixes). * drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). * drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). * drm/msm/dp: unregister audio driver during unbind (git-fixes). * drm/msm/dpu: Add INTF_5 interrupts (git-fixes). * drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git- fixes). * drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). * drm/sched: Remove redundant check (git-fixes). * drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). * drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). * drm/ttm: optimize pool allocations a bit v2 (git-fixes). * dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). * dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). * dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). * dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). * dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). * fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). * fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). * fbdev: udlfb: Fix endpoint check (git-fixes). * firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). * firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). * fuse: always revalidate rename target dentry (bsc#1211808). * fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). * futex: Resend potentially swallowed owner death notification (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gpio: mockup: Fix mode of debugfs files (git-fixes). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (git-fixes). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (git-fixes). * gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). * gve: enhance no queue page list detection (bsc#1211519). * i2c: omap: Fix standard mode false ACK readings (git-fixes). * i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). * i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). * i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). * i40e: Fix DMA mappings leak (jsc#SLE-18378). * i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). * i40e: Fix VF set max MTU size (jsc#SLE-18378). * i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). * i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). * i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). * i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). * i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). * i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). * i40e: Fix for VF MAC address 0 (jsc#SLE-18378). * i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). * i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). * i40e: Fix kernel crash during module removal (jsc#SLE-18378). * i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). * i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). * i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). * i40e: Refactor tc mqprio checks (jsc#SLE-18378). * i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). * i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). * i40e: fix flow director packet filter programming (jsc#SLE-18378). * i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). * i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). * iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). * iavf: Detach device during reset task (jsc#SLE-18385). * iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). * iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). * iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). * iavf: Fix a crash during reset task (jsc#SLE-18385). * iavf: Fix bad page state (jsc#SLE-18385). * iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). * iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). * iavf: Fix max_rate limiting (jsc#SLE-18385). * iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). * iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). * iavf: fix hang on reboot with ice (jsc#SLE-18385). * iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). * iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). * ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). * ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). * igb: Add lock to avoid data race (jsc#SLE-18379). * igb: Enable SR-IOV after reinit (jsc#SLE-18379). * igb: Initialize mailbox message for VF reset (jsc#SLE-18379). * igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). * igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). * igbvf: Regard vf reset nack as success (jsc#SLE-18379). * igc: Add checking for basetime less than zero (jsc#SLE-18377). * igc: Add ndo_tx_timeout support (jsc#SLE-18377). * igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). * igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). * igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). * igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). * igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). * igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). * igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). * igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). * igc: read before write to SRRCTL register (jsc#SLE-18377). * igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). * igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). * iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). * iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). * iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). * iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). * iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). * iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). * iio: imu: inv_icm42600: fix timestamp reset (git-fixes). * iio: light: vcnl4035: fixed chip ID check (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). * ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). * ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). * ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). * ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). * ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). * ixgbe: fix pci device refcount leak (jsc#SLE-18384). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). * kABI workaround for btbcm.c (git-fixes). * kABI workaround for mt76_poll_msec() (git-fixes). * kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) * kabi/severities: added Microsoft mana symbold (bsc#1210551) * kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). * kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). * leds: Fix reference to led_set_brightness() in doc (git-fixes). * leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). * leds: tca6507: Fix error handling of using fwnode_property_read_string (git- fixes). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). * locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). * mailbox: zynqmp: Fix IPI isr handling (git-fixes). * mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). * mce: fix set_mce_nospec to always unmap the whole page (git-fixes). * media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). * media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). * media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git- fixes). * media: radio-shark: Add endpoint checks (git-fixes). * media: rcar_fdp1: Fix the correct variable assignments (git-fixes). * media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). * memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). * mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). * mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). * mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). * misc: fastrpc: reject new invocations during device removal (git-fixes). * misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). * mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). * mmc: vub300: fix invalid response handling (git-fixes). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). * mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). * mtd: rawnand: marvell: ensure timing values are written (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). * net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). * net: mana: Add support for jumbo frame (bsc#1210551). * net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). * net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). * net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). * net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). * net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). * net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git- fixes). * net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). * net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). * net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). * net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). * net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). * net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). * net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). * net: mana: Use napi_build_skb in RX path (bsc#1210551). * net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git- fixes). * net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). * net: phy: dp83867: add w/a for packet errors seen with short cables (git- fixes). * net: qrtr: correct types of trace event parameters (git-fixes). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: tun: avoid disabling NAPI twice (git-fixes). * net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). * net: tun: stop NAPI when detaching queues (git-fixes). * net: tun: unlink NAPI from device on destruction (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * nilfs2: do not write dirty data after degenerating to read-only (git-fixes). * nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). * nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git- fixes). * nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git- fixes). * nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). * nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). * nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git- fixes). * nvme-pci: clear the prp2 field when not used (git-fixes). * nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). * nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). * nvme-tcp: fix a possible UAF when failing to allocate an io queue (git- fixes). * nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). * nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). * nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). * nvme: also return I/O command effects from nvme_command_effects (git-fixes). * nvme: check for duplicate identifiers earlier (git-fixes). * nvme: cleanup __nvme_check_ids (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix interpretation of DMRSL (git-fixes). * nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). * nvme: fix passthrough csi check (git-fixes). * nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). * nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). * nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). * nvme: set non-mdts limits in nvme_scan_work (git-fixes). * nvmet-tcp: add bounds check on Transfer Tag (git-fixes). * nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). * nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). * nvmet: fix mar and mor off-by-one errors (git-fixes). * nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git- fixes). * nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). * phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). * phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). * pinctrl: qcom: lpass-lpi: set output value before enabling output (git- fixes). * pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). * platform/x86: hp-wmi: Support touchpad on/off (git-fixes). * platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git- fixes). * platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). * power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). * power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). * power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). * power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). * power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git- fixes). * power: supply: bq27xxx: Fix poll_interval handling and races on remove (git- fixes). * power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes). * power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). * power: supply: leds: Fix blink to LED on transition (git-fixes). * power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). * powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * pstore: Revert pmsg_lock back to a normal mutex (git-fixes). * purgatory: fix disabling debug info (git-fixes). * pwm: meson: Fix axg ao mux parents (git-fixes). * pwm: meson: Fix g12a ao clk81 name (git-fixes). * qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). * qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). * qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). * qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). * qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). * r8152: fix flow control issue of RTL8156A (git-fixes). * r8152: fix the poor throughput for 2.5G devices (git-fixes). * r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). * regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git- fixes). * regulator: mt6359: add read check for PMIC MT6359 (git-fixes). * regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). * remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Fix kernel-doc (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rtmutex: Ensure that the top waiter is always woken up (git-fixes). * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). * s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1211688). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). * s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). * s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). * s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). * scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). * scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git- fixes). * scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). * scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). * scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). * scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). * scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). * scsi: lpfc: Update congestion warning notification period (bsc#1211847). * scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: ses: Handle enclosure with just a primary component gracefully (git- fixes). * scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). * selftests mount: Fix mount_setattr_test builds failed (git-fixes). * selftests/resctrl: Allow ->setup() to return errors (git-fixes). * selftests/resctrl: Check for return value after write_schemata() (git- fixes). * selftests/resctrl: Extend CPU vendor detection (git-fixes). * selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). * selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). * selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). * selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). * selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). * selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). * selftests: xsk: Disable IPv6 on VETH1 (git-fixes). * selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). * selinux: do not use make's grouped targets feature yet (git-fixes). * serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). * serial: 8250_bcm7271: balance clk_enable calls (git-fixes). * serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). * serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). * serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git- fixes). * serial: Add support for Advantech PCI-1611U card (git-fixes). * serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). * serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). * serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). * sfc: Change VF mac via PF as first preference if available (git-fixes). * sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). * sfc: Fix use-after-free due to selftest_work (git-fixes). * sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). * sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). * sfc: fix TX channel offset when using legacy interrupts (git-fixes). * sfc: fix considering that all channels have TX queues (git-fixes). * sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). * sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). * sfc: include vport_id in filter spec hash and equal() (git-fixes). * smb3: display debug information better for encryption (bsc#1193629). * smb3: fix problem remounting a share after shutdown (bsc#1193629). * smb3: improve parallel reads of large files (bsc#1193629). * smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). * smb3: move some common open context structs to smbfs_common (bsc#1193629). * soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). * soundwire: qcom: gracefully handle too many ports in DT (git-fixes). * spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). * spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * supported.conf: mark mana_ib supported * swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). * tools/virtio: compile with -pthread (git-fixes). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tools/virtio: fix virtio_test execution (git-fixes). * tools/virtio: initialize spinlocks in vring_test.c (git-fixes). * tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git- fixes). * tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). * tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). * tracing: Fix permissions for the buffer_percent file (git-fixes). * tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). * usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). * usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). * usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). * usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). * usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). * usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). * usb: dwc3: gadget: Execute gadget stop after halting the controller (git- fixes). * usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). * usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). * usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git- fixes). * usb: dwc3: remove a possible unnecessary 'out of memory' message (git- fixes). * usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). * usb: gadget: u_ether: Fix host MAC address case (git-fixes). * usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * usb: typec: tcpm: fix multiple times discover svids error (git-fixes). * usb: usbfs: Enforce page requirements for mmap (git-fixes). * usb: usbfs: Use consistent mmap functions (git-fixes). * usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). * vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). * vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: split free_unused_bufs() (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git- fixes). * watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). * wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). * wifi: ath: Silence memcpy run-time false positive warning (git-fixes). * wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). * wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). * wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). * wifi: iwlwifi: fw: fix DBGI dump (git-fixes). * wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). * wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). * wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). * wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git- fixes). * wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). * wifi: mac80211: fix min center freq offset tracing (git-fixes). * wifi: mt76: add flexible polling wait-interval support (git-fixes). * wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git- fixes). * wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). * wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). * wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). * x86/MCE/AMD: Use an u64 for bank_map (git-fixes). * x86/alternative: Make debug-alternative selective (bsc#1206578). * x86/alternative: Report missing return thunk details (git-fixes). * x86/alternative: Support relocations in alternatives (bsc#1206578). * x86/amd: Use IBPB for firmware calls (git-fixes). * x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). * x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). * x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). * x86/fault: Cast an argument to the proper address space in prefetch() (git- fixes). * x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). * x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git- fixes). * x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). * x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). * x86/hyperv: Block root partition functionality in a Confidential VM (git- fixes). * x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). * x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch * x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git- fixes). * x86/microcode/AMD: Fix mixed steppings support (git-fixes). * x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). * x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). * x86/microcode: Add explicit CPU vendor dependency (git-fixes). * x86/microcode: Adjust late loading result reporting message (git-fixes). * x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes). * x86/microcode: Rip out the OLD_INTERFACE (git-fixes). * x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). * x86/mm: Use proper mask when setting PUD mapping (git-fixes). * x86/nospec: Unwreck the RSB stuffing (git-fixes). * x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). * x86/pat: Fix x86_has_pat_wp() (git-fixes). * x86/pm: Add enumeration check before spec MSRs save/restore setup (git- fixes). * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). * x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). * x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). * x86/signal: Fix the value returned by strict_sas_size() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86/speculation: Identify processors vulnerable to SMT RSB predictions (git- fixes). * x86/static_call: Serialize __static_call_fixup() properly (git-fixes). * x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). * x86/topology: Fix duplicated core ID within a package (git-fixes). * x86/topology: Fix multiple packages shown on a single-package system (git- fixes). * x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). * x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). * xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2500=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2500=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * gfs2-kmp-azure-5.14.21-150400.14.52.1 * gfs2-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-extra-5.14.21-150400.14.52.1 * kernel-azure-devel-5.14.21-150400.14.52.1 * kernel-azure-livepatch-devel-5.14.21-150400.14.52.1 * kernel-syms-azure-5.14.21-150400.14.52.1 * dlm-kmp-azure-5.14.21-150400.14.52.1 * kernel-azure-debugsource-5.14.21-150400.14.52.1 * dlm-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * kselftests-kmp-azure-5.14.21-150400.14.52.1 * cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * kselftests-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-extra-debuginfo-5.14.21-150400.14.52.1 * ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * cluster-md-kmp-azure-5.14.21-150400.14.52.1 * ocfs2-kmp-azure-5.14.21-150400.14.52.1 * reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-optional-5.14.21-150400.14.52.1 * reiserfs-kmp-azure-5.14.21-150400.14.52.1 * kernel-azure-optional-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.52.1 * openSUSE Leap 15.4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.52.1 * openSUSE Leap 15.4 (noarch) * kernel-devel-azure-5.14.21-150400.14.52.1 * kernel-source-azure-5.14.21-150400.14.52.1 * Public Cloud Module 15-SP4 (aarch64 nosrc x86_64) * kernel-azure-5.14.21-150400.14.52.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * kernel-azure-devel-5.14.21-150400.14.52.1 * kernel-syms-azure-5.14.21-150400.14.52.1 * kernel-azure-debugsource-5.14.21-150400.14.52.1 * kernel-azure-devel-debuginfo-5.14.21-150400.14.52.1 * kernel-azure-debuginfo-5.14.21-150400.14.52.1 * Public Cloud Module 15-SP4 (noarch) * kernel-devel-azure-5.14.21-150400.14.52.1 * kernel-source-azure-5.14.21-150400.14.52.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28410.html * https://www.suse.com/security/cve/CVE-2023-3006.html * https://www.suse.com/security/cve/CVE-2023-30456.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1195655 * https://bugzilla.suse.com/show_bug.cgi?id=1195921 * https://bugzilla.suse.com/show_bug.cgi?id=1203906 * https://bugzilla.suse.com/show_bug.cgi?id=1205650 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1206578 * https://bugzilla.suse.com/show_bug.cgi?id=1207553 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1208758 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209856 * https://bugzilla.suse.com/show_bug.cgi?id=1209982 * https://bugzilla.suse.com/show_bug.cgi?id=1210165 * https://bugzilla.suse.com/show_bug.cgi?id=1210294 * https://bugzilla.suse.com/show_bug.cgi?id=1210449 * https://bugzilla.suse.com/show_bug.cgi?id=1210450 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210551 * https://bugzilla.suse.com/show_bug.cgi?id=1210566 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210741 * https://bugzilla.suse.com/show_bug.cgi?id=1210775 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1210947 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211113 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211205 * https://bugzilla.suse.com/show_bug.cgi?id=1211260 * https://bugzilla.suse.com/show_bug.cgi?id=1211263 * https://bugzilla.suse.com/show_bug.cgi?id=1211280 * https://bugzilla.suse.com/show_bug.cgi?id=1211281 * https://bugzilla.suse.com/show_bug.cgi?id=1211395 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211465 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211564 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211686 * https://bugzilla.suse.com/show_bug.cgi?id=1211687 * https://bugzilla.suse.com/show_bug.cgi?id=1211688 * https://bugzilla.suse.com/show_bug.cgi?id=1211689 * https://bugzilla.suse.com/show_bug.cgi?id=1211690 * https://bugzilla.suse.com/show_bug.cgi?id=1211691 * https://bugzilla.suse.com/show_bug.cgi?id=1211692 * https://bugzilla.suse.com/show_bug.cgi?id=1211693 * https://bugzilla.suse.com/show_bug.cgi?id=1211714 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211804 * https://bugzilla.suse.com/show_bug.cgi?id=1211807 * https://bugzilla.suse.com/show_bug.cgi?id=1211808 * https://bugzilla.suse.com/show_bug.cgi?id=1211819 * https://bugzilla.suse.com/show_bug.cgi?id=1211847 * https://bugzilla.suse.com/show_bug.cgi?id=1211855 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 * https://jira.suse.com/browse/PED-3692 * https://jira.suse.com/browse/PED-4022 * https://jira.suse.com/browse/SLE-18375 * https://jira.suse.com/browse/SLE-18377 * https://jira.suse.com/browse/SLE-18378 * https://jira.suse.com/browse/SLE-18379 * https://jira.suse.com/browse/SLE-18383 * https://jira.suse.com/browse/SLE-18384 * https://jira.suse.com/browse/SLE-18385 * https://jira.suse.com/browse/SLE-18978 * https://jira.suse.com/browse/SLE-18992 * https://jira.suse.com/browse/SLE-19001 * https://jira.suse.com/browse/SLE-19255 * https://jira.suse.com/browse/SLE-19556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:55 -0000 Subject: SUSE-FU-2023:2499-1: important: Feature update adding bpftool Message-ID: <168667385530.15398.16507374629239167297@smelt2.suse.de> # Feature update adding bpftool Announcement ID: SUSE-FU-2023:2499-1 Rating: important References: Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 An update that contains two features can now be installed. ## Description: Initial release of bpftool: * Initial release (jsc#PED-3924) bpftool allows for inspection and simple modification of BPF objects on the system. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2499=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2499=1 ## Package List: * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * bpftool-5.3.18-150300.7.3.1 * bpftool-debugsource-5.3.18-150300.7.3.1 * bpftool-debuginfo-5.3.18-150300.7.3.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * bpftool-5.3.18-150300.7.3.1 * bpftool-debugsource-5.3.18-150300.7.3.1 * bpftool-debuginfo-5.3.18-150300.7.3.1 ## References: * https://jira.suse.com/browse/PED-3924 * https://jira.suse.com/browse/PED-4179 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:56 -0000 Subject: SUSE-RU-2023:2498-1: moderate: Recommended update for gdb Message-ID: <168667385689.15398.17073069377437730842@smelt2.suse.de> # Recommended update for gdb Announcement ID: SUSE-RU-2023:2498-1 Rating: moderate References: * #1207712 * #1210081 Affected Products: * SUSE Linux Enterprise Real Time 15 SP3 An update that has two recommended fixes can now be installed. ## Description: This update for gdb fixes the following issues: * Fix license, again (bsc#1210081). * Patches dropped (bsc#1207712): * gdb-container-rh-pkg.patch * Patches added (bsc#1207712): * gdb-testsuite-add-gdb.suse-debranding.exp.patch ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2498=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * gdb-12.1-150100.8.36.1 * gdb-debugsource-12.1-150100.8.36.1 * gdb-debuginfo-12.1-150100.8.36.1 * gdbserver-debuginfo-12.1-150100.8.36.1 * gdbserver-12.1-150100.8.36.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207712 * https://bugzilla.suse.com/show_bug.cgi?id=1210081 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:30:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:30:59 -0000 Subject: SUSE-RU-2023:2497-1: important: Recommended update for libzypp Message-ID: <168667385979.15398.12385964658241040441@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2497-1 Rating: important References: * #1211661 * #1212187 Affected Products: * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for libzypp fixes the following issues: * Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] * Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2497=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2497=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2497=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-2497=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2497=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2497=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2497=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2497=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2497=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2497=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2497=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2497=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2497=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2497=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2497=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2497=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.13-150200.66.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Manager Proxy 4.2 (x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libzypp-devel-17.31.13-150200.66.1 * libzypp-debuginfo-17.31.13-150200.66.1 * libzypp-17.31.13-150200.66.1 * libzypp-debugsource-17.31.13-150200.66.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211661 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:31:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:31:02 -0000 Subject: SUSE-RU-2023:2496-1: important: Recommended update for libzypp Message-ID: <168667386229.15398.1640587485006361311@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2496-1 Rating: important References: * #1212187 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one recommended fix can now be installed. ## Description: This update for libzypp fixes the following issue: * Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2496=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2496=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2496=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2496=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.13-150100.3.109.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libzypp-devel-17.31.13-150100.3.109.1 * libzypp-debugsource-17.31.13-150100.3.109.1 * libzypp-17.31.13-150100.3.109.1 * libzypp-debuginfo-17.31.13-150100.3.109.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.13-150100.3.109.1 * libzypp-debugsource-17.31.13-150100.3.109.1 * libzypp-17.31.13-150100.3.109.1 * libzypp-debuginfo-17.31.13-150100.3.109.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libzypp-devel-17.31.13-150100.3.109.1 * libzypp-debugsource-17.31.13-150100.3.109.1 * libzypp-17.31.13-150100.3.109.1 * libzypp-debuginfo-17.31.13-150100.3.109.1 * SUSE CaaS Platform 4.0 (x86_64) * libzypp-devel-17.31.13-150100.3.109.1 * libzypp-debugsource-17.31.13-150100.3.109.1 * libzypp-17.31.13-150100.3.109.1 * libzypp-debuginfo-17.31.13-150100.3.109.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:31:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:31:06 -0000 Subject: SUSE-RU-2023:2495-1: important: Recommended update for libzypp Message-ID: <168667386620.15398.7287066724899502941@smelt2.suse.de> # Recommended update for libzypp Announcement ID: SUSE-RU-2023:2495-1 Rating: important References: * #1211661 * #1212187 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for libzypp fixes the following issues: * Fix "Curl error 92" when synchronizing SUSE Manager repositories. [bsc#1212187] * Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2495=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2495=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2495=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2495=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2495=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2495=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2495=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2495=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2495=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * libzypp-devel-doc-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-devel-17.31.13-150400.3.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * libzypp-devel-doc-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-devel-17.31.13-150400.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.13-150400.3.30.1 * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.13-150400.3.30.1 * libzypp-17.31.13-150400.3.30.1 * libzypp-debuginfo-17.31.13-150400.3.30.1 * libzypp-debugsource-17.31.13-150400.3.30.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211661 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 13 16:31:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 13 Jun 2023 16:31:07 -0000 Subject: SUSE-RU-2023:2494-1: moderate: Recommended update for yast2-network Message-ID: <168667386770.15398.148422844821567430@smelt2.suse.de> # Recommended update for yast2-network Announcement ID: SUSE-RU-2023:2494-1 Rating: moderate References: * #1211026 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-network fixes the following issues: * Fix wicked failing with wpa-enterprise (bsc#1211026) * Update to 4.4.57 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2494=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2494=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2494=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Manager Server 4.3 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * yast2-network-4.4.57-150400.3.21.1 * SUSE Manager Proxy 4.3 (noarch) * yast2-network-4.4.57-150400.3.21.1 * Basesystem Module 15-SP4 (noarch) * yast2-network-4.4.57-150400.3.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211026 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 07:03:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:03:47 +0200 (CEST) Subject: SUSE-CU-2023:1870-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230614070347.D6DD8F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1870-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.146 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.146 Severity : moderate Type : security References : 1211272 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:04:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:04:25 +0200 (CEST) Subject: SUSE-CU-2023:1872-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230614070425.638A7F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1872-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.43 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.43 Severity : moderate Type : security References : 1211272 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2482-1 Released: Mon Jun 12 07:19:53 2023 Summary: Recommended update for systemd-rpm-macros Type: recommended Severity: moderate References: 1211272 This update for systemd-rpm-macros fixes the following issues: - Adjust functions so they are disabled when called from a chroot (bsc#1211272) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - systemd-rpm-macros-13-150000.7.33.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:06:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:06:51 +0200 (CEST) Subject: SUSE-CU-2023:1873-1: Security update of suse/sles12sp4 Message-ID: <20230614070651.77018F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1873-1 Container Tags : suse/sles12sp4:26.613 , suse/sles12sp4:latest Container Release : 26.613 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2483-1 Released: Mon Jun 12 08:46:57 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - base-container-licenses-3.0-1.355 updated - container-suseconnect-2.0.0-1.237 updated - libldap-2_4-2-2.4.41-22.19.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:08:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:08:34 +0200 (CEST) Subject: SUSE-CU-2023:1874-1: Security update of suse/sles12sp5 Message-ID: <20230614070834.40566F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1874-1 Container Tags : suse/sles12sp5:6.5.479 , suse/sles12sp5:latest Container Release : 6.5.479 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2483-1 Released: Mon Jun 12 08:46:57 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.41-22.19.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:10:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:10:59 +0200 (CEST) Subject: SUSE-CU-2023:1875-1: Recommended update of suse/sle15 Message-ID: <20230614071059.5637FF3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1875-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.778 Container Release : 6.2.778 Severity : important Type : recommended References : 1212187 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2496-1 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1212187 This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] The following package changes have been done: - libzypp-17.31.13-150100.3.109.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:12:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:12:44 +0200 (CEST) Subject: SUSE-CU-2023:1876-1: Recommended update of suse/sle15 Message-ID: <20230614071244.A3FC5F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1876-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.305 Container Release : 9.5.305 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150200.66.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:14:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:14:10 +0200 (CEST) Subject: SUSE-CU-2023:1877-1: Security update of suse/sle15 Message-ID: <20230614071410.82CA2F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1877-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.146 , suse/sle15:15.3 , suse/sle15:15.3.17.20.146 Container Release : 17.20.146 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:14:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:14:11 +0200 (CEST) Subject: SUSE-CU-2023:1878-1: Recommended update of suse/sle15 Message-ID: <20230614071411.6E369F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1878-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.147 , suse/sle15:15.3 , suse/sle15:15.3.17.20.147 Container Release : 17.20.147 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150200.66.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:14:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:14:55 +0200 (CEST) Subject: SUSE-CU-2023:1879-1: Security update of suse/389-ds Message-ID: <20230614071455.97686F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1879-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-22.3 , suse/389-ds:latest Container Release : 22.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:15:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:15:07 +0200 (CEST) Subject: SUSE-CU-2023:1880-1: Security update of bci/golang Message-ID: <20230614071507.E43B2F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1880-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-3.3 , bci/golang:latest Container Release : 3.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:15:54 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:15:54 +0200 (CEST) Subject: SUSE-CU-2023:1882-1: Security update of bci/bci-init Message-ID: <20230614071554.20BD7F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1882-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.27.3 , bci/bci-init:latest Container Release : 27.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:16:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:16:31 +0200 (CEST) Subject: SUSE-CU-2023:1884-1: Security update of bci/nodejs Message-ID: <20230614071631.7EE6CF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1884-1 Container Tags : bci/node:16 , bci/node:16-16.3 , bci/nodejs:16 , bci/nodejs:16-16.3 Container Release : 16.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:16:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:16:46 +0200 (CEST) Subject: SUSE-CU-2023:1886-1: Security update of bci/nodejs Message-ID: <20230614071646.0AF17F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1886-1 Container Tags : bci/node:18 , bci/node:18-4.3 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-4.3 , bci/nodejs:latest Container Release : 4.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:17:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:17:44 +0200 (CEST) Subject: SUSE-CU-2023:1888-1: Security update of bci/openjdk-devel Message-ID: <20230614071744.0D63BF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1888-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-40.5 Container Release : 40.5 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:bci-openjdk-11-15.4.11-36.2 updated From sle-updates at lists.suse.com Wed Jun 14 07:18:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:18:14 +0200 (CEST) Subject: SUSE-CU-2023:1889-1: Security update of bci/openjdk-devel Message-ID: <20230614071814.47813F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1889-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-15.4 , bci/openjdk-devel:latest Container Release : 15.4 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:bci-openjdk-17-15.4.17-14.2 updated From sle-updates at lists.suse.com Wed Jun 14 07:19:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:19:11 +0200 (CEST) Subject: SUSE-CU-2023:1890-1: Security update of suse/pcp Message-ID: <20230614071911.C7019F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1890-1 Container Tags : suse/pcp:5 , suse/pcp:5-16.3 , suse/pcp:5.2 , suse/pcp:5.2-16.3 , suse/pcp:5.2.5 , suse/pcp:5.2.5-16.3 , suse/pcp:latest Container Release : 16.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:bci-bci-init-15.4-15.4-27.3 updated From sle-updates at lists.suse.com Wed Jun 14 07:19:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:19:22 +0200 (CEST) Subject: SUSE-CU-2023:1891-1: Security update of bci/php-apache Message-ID: <20230614071922.9FBBCF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1891-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-3.3 Container Release : 3.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:19:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:19:33 +0200 (CEST) Subject: SUSE-CU-2023:1892-1: Security update of bci/php-fpm Message-ID: <20230614071933.C0067F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1892-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-3.3 Container Release : 3.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.67 updated From sle-updates at lists.suse.com Wed Jun 14 07:19:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:19:45 +0200 (CEST) Subject: SUSE-CU-2023:1893-1: Security update of bci/php Message-ID: <20230614071945.1E1B5F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1893-1 Container Tags : bci/php:8 , bci/php:8-3.2 Container Release : 3.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:19:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:19:50 +0200 (CEST) Subject: SUSE-CU-2023:1894-1: Security update of bci/rust Message-ID: <20230614071950.8AC28F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1894-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-3.2 , bci/rust:latest Container Release : 3.2 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:20:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:20:25 +0200 (CEST) Subject: SUSE-CU-2023:1895-1: Recommended update of suse/sle15 Message-ID: <20230614072025.058B0F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1895-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.68 , suse/sle15:15.4 , suse/sle15:15.4.27.14.68 Container Release : 27.14.68 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150400.3.30.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:26:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:26:25 +0200 (CEST) Subject: SUSE-CU-2023:1895-1: Recommended update of suse/sle15 Message-ID: <20230614072625.AADE2F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1895-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.68 , suse/sle15:15.4 , suse/sle15:15.4.27.14.68 Container Release : 27.14.68 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150400.3.30.1 updated From sle-updates at lists.suse.com Wed Jun 14 07:26:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 09:26:47 +0200 (CEST) Subject: SUSE-CU-2023:1897-1: Security update of suse/sle15 Message-ID: <20230614072647.1C362F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1897-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.3 , suse/sle15:15.5 , suse/sle15:15.5.36.5.3 Container Release : 36.5.3 Severity : important Type : security References : 1029961 1120610 1120610 1127591 1130496 1130496 1177047 1178233 1180713 1181131 1181131 1184124 1186642 1195633 1198062 1198922 1200441 1200441 1200657 1200657 1202436 1202436 1202436 1203141 1203248 1203249 1203537 1203600 1203715 1204548 1204956 1205570 1205636 1206134 1206949 1207294 1207410 1207571 1207753 1207789 1207957 1207975 1207990 1207991 1207992 1208270 1208271 1208272 1208329 1208358 1208432 1209030 1209094 1209122 1209140 1209209 1209210 1209211 1209212 1209214 1209406 1209533 1209713 1209714 1210135 1210434 1210507 1210870 1211230 1211231 1211232 1211233 1211661 1211795 1212187 CVE-2018-20482 CVE-2018-20482 CVE-2019-9923 CVE-2019-9923 CVE-2021-20193 CVE-2021-20193 CVE-2022-1271 CVE-2022-41720 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2022-48303 CVE-2022-4899 CVE-2023-0687 CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 CVE-2023-24532 CVE-2023-24593 CVE-2023-25180 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-29383 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:926-1 Released: Wed Apr 10 16:33:12 2019 Summary: Security update for tar Type: security Severity: moderate References: 1120610,1130496,CVE-2018-20482,CVE-2019-9923 This update for tar fixes the following issues: Security issues fixed: - CVE-2019-9923: Fixed a denial of service while parsing certain archives with malformed extended headers in pax_decode_header() (bsc#1130496). - CVE-2018-20482: Fixed a denial of service when the '--sparse' option mishandles file shrinkage during read access (bsc#1120610). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3791-1 Released: Mon Dec 14 17:39:19 2020 Summary: Recommended update for gzip Type: recommended Severity: moderate References: This update for gzip fixes the following issue: - Enable `DFLTCC` (Deflate Conversion Call) compression for s390x for levels 1-6 to `CFLAGS`. (jsc#SLE-13775) Enable by adding `-DDFLTCC_LEVEL_MASK=0x7e` to `CFLAGS`. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:974-1 Released: Mon Mar 29 19:31:27 2021 Summary: Security update for tar Type: security Severity: low References: 1181131,CVE-2021-20193 This update for tar fixes the following issues: CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1018-1 Released: Tue Apr 6 14:29:13 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1180713 This update for gzip fixes the following issues: - Fixes an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1289-1 Released: Wed Apr 21 14:02:46 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1177047 This update for gzip fixes the following issues: - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1935-1 Released: Thu Jun 10 10:45:09 2021 Summary: Recommended update for gzip Type: recommended Severity: moderate References: 1186642 This update for gzip fixes the following issue: - gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2193-1 Released: Mon Jun 28 18:38:43 2021 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1184124 This update for tar fixes the following issues: - Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1548-1 Released: Thu May 5 16:45:28 2022 Summary: Security update for tar Type: security Severity: moderate References: 1029961,1120610,1130496,1181131,CVE-2018-20482,CVE-2019-9923,CVE-2021-20193 This update for tar fixes the following issues: - CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131). - CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496). - CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610). - Update to GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131) * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges - Update to GNU tar 1.33: * POSIX extended format headers do not include PID by default * --delay-directory-restore works for archives with reversed member ordering * Fix extraction of a symbolic link hardlinked to another symbolic link * Wildcards in exclude-vcs-ignore mode don't match slash * Fix the --no-overwrite-dir option * Fix handling of chained renames in incremental backups * Link counting works for file names supplied with -T * Accept only position-sensitive (file-selection) options in file list files - prepare usrmerge (bsc#1029961) - Update to GNU 1.32 * Fix the use of --checkpoint without explicit --checkpoint-action * Fix extraction with the -U option * Fix iconv usage on BSD-based systems * Fix possible NULL dereference (savannah bug #55369) [bsc#1130496] [CVE-2019-9923] * Improve the testsuite - Update to GNU 1.31 * Fix heap-buffer-overrun with --one-top-level, bug introduced with the addition of that option in 1.28 * Support for zstd compression * New option '--zstd' instructs tar to use zstd as compression program. When listing, extractng and comparing, zstd compressed archives are recognized automatically. When '-a' option is in effect, zstd compression is selected if the destination archive name ends in '.zst' or '.tzst'. * The -K option interacts properly with member names given in the command line. Names of members to extract can be specified along with the '-K NAME' option. In this case, tar will extract NAME and those of named members that appear in the archive after it, which is consistent with the semantics of the option. Previous versions of tar extracted NAME, those of named members that appeared before it, and everything after it. * Fix CVE-2018-20482 - When creating archives with the --sparse option, previous versions of tar would loop endlessly if a sparse file had been truncated while being archived. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1617-1 Released: Tue May 10 14:40:12 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,1198922,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2735-1 Released: Wed Aug 10 04:31:41 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657 This update for tar fixes the following issues: - Fix race condition while creating intermediate subdirectories (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2844-1 Released: Thu Aug 18 14:41:25 2022 Summary: Recommended update for tar Type: recommended Severity: important References: 1202436 This update for tar fixes the following issues: - A regression in a previous update lead to potential deadlocks when extracting an archive. (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4312-1 Released: Fri Dec 2 11:16:47 2022 Summary: Recommended update for tar Type: recommended Severity: moderate References: 1200657,1203600 This update for tar fixes the following issues: - Fix unexpected inconsistency when making directory (bsc#1203600) - Update race condition fix (bsc#1200657) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:179-1 Released: Thu Jan 26 21:54:30 2023 Summary: Recommended update for tar Type: recommended Severity: low References: 1202436 This update for tar fixes the following issue: - Fix hang when unpacking test tarball (bsc#1202436) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:429-1 Released: Wed Feb 15 17:41:22 2023 Summary: Security update for curl Type: security Severity: important References: 1207990,1207991,1207992,CVE-2023-23914,CVE-2023-23915,CVE-2023-23916 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:463-1 Released: Mon Feb 20 16:33:39 2023 Summary: Security update for tar Type: security Severity: moderate References: 1202436,1207753,CVE-2022-48303 This update for tar fixes the following issues: - CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753). Bug fixes: - Fix hang when unpacking test tarball (bsc#1202436). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:464-1 Released: Mon Feb 20 18:11:37 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: - Merge of v249.15 - Drop workaround related to systemd-timesyncd that addressed a Factory issue. - Conditionalize the use of /lib/modprobe.d only on systems with split usr support enabled (i.e. SLE). - Make use of the %systemd_* rpm macros consistently. Using the upstream variants will ease the backports of Factory changes to SLE since Factory systemd uses the upstream variants exclusively. - machines.target belongs to systemd-container, do its init/cleanup steps from the scriptlets of this sub-package. - Make sure we apply the presets on units shipped by systemd package. - systemd-testsuite: move the integration tests in a dedicated sub directory. - Move systemd-cryptenroll into udev package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1207789 This update for jitterentropy fixes the following issues: - build jitterentropy library with debuginfo (bsc#1207789) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:713-1 Released: Mon Mar 13 10:25:04 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: This update for suse-build-key fixes the following issues: This update provides multiple new 4096 RSA keys for SUSE Linux Enterprise 15, SUSE Manager 4.2/4.3, Storage 7.1, SUSE Registry) that we will switch to mid of 2023. (jsc#PED-2777) - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SUSE Linux Enterprise (RPM and repositories). - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserve key for SUSE Linux Enterprise (RPM and repositories). - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF packages. - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem: New RSA 4096 key for the SUSE registry registry.suse.com, installed as suse-container-key-2023.pem and suse-container-key-2023.asc - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem: New PTF container signing key for registry.suse.com/ptf/ space. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:714-1 Released: Mon Mar 13 10:53:25 2023 Summary: Recommended update for rpm Type: recommended Severity: important References: 1207294 This update for rpm fixes the following issues: - Fix missing python(abi) for 3.XX versions (bsc#1207294) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:788-1 Released: Thu Mar 16 19:37:59 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:871-1 Released: Wed Mar 22 14:32:45 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441,1206134,1208270,1208271,1208272,1209030,CVE-2022-41720,CVE-2022-41723,CVE-2022-41724,CVE-2022-41725,CVE-2023-24532 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1851-1 Released: Fri Apr 14 15:08:38 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: This update for container-suseconnect fixes the following issue: - rebuilt against current go version. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2174-1 Released: Thu May 11 13:08:09 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1200441 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - container-suseconnect-2.4.0-150000.4.28.1 updated - curl-8.0.1-150400.5.23.1 updated - glibc-2.31-150300.46.1 updated - gzip-1.10-150200.10.1 added - krb5-1.20.1-150500.1.2 updated - libblkid1-2.37.4-150500.7.16 updated - libcurl4-8.0.1-150400.5.23.1 updated - libfdisk1-2.37.4-150500.7.16 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libgcrypt20-hmac-1.9.4-150500.10.19 updated - libgcrypt20-1.9.4-150500.10.19 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libjitterentropy3-3.4.0-150000.1.9.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libmount1-2.37.4-150500.7.16 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-hmac-1.1.1l-150500.15.4 updated - libopenssl1_1-1.1.1l-150500.15.4 updated - libprocps7-3.3.15-150000.7.31.1 updated - libsasl2-3-2.1.28-150500.1.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - libsmartcols1-2.37.4-150500.7.16 updated - libsolv-tools-0.7.24-150400.3.6.4 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libudev1-249.16-150400.8.28.3 updated - libuuid1-2.37.4-150500.7.16 updated - libxml2-2-2.10.3-150500.3.1 updated - libz1-1.2.13-150500.2.3 updated - libzstd1-1.5.0-150400.3.3.1 updated - libzypp-17.31.13-150400.3.30.1 updated - login_defs-4.8.1-150400.10.6.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - openssl-1_1-1.1.1l-150500.15.4 updated - patterns-base-fips-20200124-150400.20.4.1 updated - procps-3.3.15-150000.7.31.1 updated - rpm-ndb-4.14.3-150300.55.1 updated - shadow-4.8.1-150400.10.6.1 updated - skelcd-EULA-bci-2023.03.06-150500.2.1 updated - sles-release-15.5-150500.43.4 updated - suse-build-key-12.0-150000.8.31.1 updated - tar-1.34-150000.3.31.1 added - terminfo-base-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-2.37.4-150500.7.16 updated - zypper-1.14.60-150400.3.21.2 updated From sle-updates at lists.suse.com Wed Jun 14 08:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 08:30:16 -0000 Subject: SUSE-SU-2023:2507-1: important: Security update for the Linux Kernel Message-ID: <168673141622.30589.17578712537362841602@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2507-1 Rating: important References: * #1065729 * #1118212 * #1129770 * #1154048 * #1172073 * #1191731 * #1199046 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1209287 * #1209366 * #1209857 * #1210544 * #1210629 * #1210715 * #1210783 * #1210791 * #1210806 * #1210940 * #1211044 * #1211089 * #1211105 * #1211186 * #1211275 * #1211360 * #1211361 * #1211362 * #1211363 * #1211364 * #1211365 * #1211366 * #1211466 * #1211592 * #1211622 * #1211796 * #1211801 * #1211816 * #1211960 Cross-References: * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1380 * CVE-2023-2176 * CVE-2023-2194 * CVE-2023-2269 * CVE-2023-2513 * CVE-2023-28466 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32269 CVSS scores: * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves 15 vulnerabilities and has 28 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 AZURE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr (PED-3947 bsc#1210544 ltc#202303). * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * Fix usrmerge error (boo#1211796) * IB/hfi1: Assign npages earlier (git-fixes) * IB/iser: bound protection_sg size by data_sg size (git-fixes) * IB/mlx4: Fix memory leaks (git-fixes) * IB/mlx4: Increase the timeout for CM cache (git-fixes) * IB/mlx5: Fix initializing CQ fragments buffer (git-fixes) * IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git- fixes) * IB/usnic: Fix potential deadlock (git-fixes) * KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (git-fixes). * KVM: x86: Update the exit_qualification access bits while walking an address (git-fixes). * KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (git-fixes). * KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). * KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). * KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). * KVM: x86: fix empty-body warnings (git-fixes). * KVM: x86: fix incorrect comparison in trace event (git-fixes). * KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes). * Move upstreamed media fixes into sorted section * PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). * PCI: Call Max Payload Size-related fixup quirks early (git-fixes). * PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). * PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git- fixes). * PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). * PCI: aardvark: Fix checking for PIO status (git-fixes). * PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). * PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). * PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). * RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes) * RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes) * RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes) * RDMA/core: Do not access cm_id after its destruction (git-fixes) * RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes) * RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) * RDMA/hns: Bugfix for querying qkey (git-fixes) * RDMA/i40iw: Fix potential use after free (git-fixes) * RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes) * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes) * RDMA/mlx5: Block delay drop to unprivileged users (git-fixes) * RDMA/rxe: Fix error type of mmap_offset (git-fixes) * RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) * RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git- fixes) * RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) * RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) * RDS: IB: Fix null pointer issue (git-fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * Update patch reference for libata fix (bsc#1118212). * adm8211: fix error return code in adm8211_probe() (git-fixes). * backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770) * blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275) * bonding: show full hw address in sysfs for slave entries (git-fixes). * ceph: force updating the msg pointer in non-split case (bsc#1211801). * cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: no memory barrier after break from idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544 ltc#202303). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Check font dimension limits (bsc#1154048) * fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048) * fix kcm_clone() (git-fixes). * fotg210-udc: Add missing completion handler (git-fixes). * ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes). * ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes). * ipoib: correcly show a VF hardware address (git-fixes) * ipv4: ipv4_default_advmss() should use route mtu (git-fixes). * ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes). * ipv6: icmp6: Allow icmp messages to be looped back (git-fixes). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * kcm: Check if sk_user_data already set in kcm_attach (git-fixes). * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). * kvm: mmu: Do not read PDPTEs when paging is not enabled (git-fixes). * l2tp: remove configurable payload offset (git-fixes). * l2tp: remove l2specific_len dependency in l2tp_core (git-fixes). * libata: add horkage for ASMedia 1092 (git-fixes). * mac80211: choose first enabled channel for monitor (git-fixes). * mac80211: drop multicast fragments (git-fixes). * mac80211: fix fast-rx encryption check (git-fixes). * mac80211: pause TX while changing interface type (git-fixes). * media: radio-shark: Add endpoint checks (git-fixes). * mlx4: Use snprintf instead of complicated strcpy (git-fixes) * mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211466). * net/mlx4_core: Fix return codes of unsupported operations (git-fixes). * net/tcp/illinois: replace broken algorithm reference link (git-fixes). * net: Extra '_get' in declaration of arch_get_platform_mac_address (git- fixes). * net: altera_tse: fix connect_local_phy error path (git-fixes). * net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (git- fixes). * net: amd: add missing of_node_put() (git-fixes). * net: arc_emac: fix arc_emac_rx() error paths (git-fixes). * net: broadcom: fix return type of ndo_start_xmit function (git-fixes). * net: davinci_emac: match the mdio device against its compatible if possible (git-fixes). * net: dsa: b53: Add BCM5389 support (git-fixes). * net: dsa: bcm_sf2: Turn on PHY to allow successful registration (git-fixes). * net: dsa: mt7530: fix module autoloading for OF platform drivers (git- fixes). * net: dsa: qca8k: Add support for QCA8334 switch (git-fixes). * net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes). * net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git- fixes). * net: faraday: fix return type of ndo_start_xmit function (git-fixes). * net: hisilicon: remove unexpected free_netdev (git-fixes). * net: hns3: fix return type of ndo_start_xmit function (git-fixes). * net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes). * net: ibm: fix possible object reference leak (git-fixes). * net: ipv6: send NS for DAD when link operationally up (git-fixes). * net: mediatek: setup proper state for disabled GMAC on the default (git- fixes). * net: micrel: fix return type of ndo_start_xmit function (git-fixes). * net: mvneta: fix enable of all initialized RXQs (git-fixes). * net: netxen: fix a missing check and an uninitialized use (git-fixes). * net: propagate dev_get_valid_name return code (git-fixes). * net: qca_spi: Fix log level if probe fails (git-fixes). * net: qcom/emac: Use proper free methods during TX (git-fixes). * net: qla3xxx: Remove overflowing shift statement (git-fixes). * net: smsc: fix return type of ndo_start_xmit function (git-fixes). * net: stmmac: do not log oversized frames (git-fixes). * net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes). * net: sun: fix return type of ndo_start_xmit function (git-fixes). * net: toshiba: fix return type of ndo_start_xmit function (git-fixes). * net: xfrm: allow clearing socket xfrm policies (git-fixes). * net: xilinx: fix return type of ndo_start_xmit function (git-fixes). * netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes). * netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes). * netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount (git-fixes). * nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: unquiesce admin queue on shutdown (git-fixes). * nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git- fixes). * nvme: Fix u32 overflow in the number of namespace list calculation (git- fixes). * nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes). * nvme: refine the Qemu Identify CNS quirk (git-fixes). * nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes). * platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to 0 (git-fixes). * platform/x86: alienware-wmi: constify attribute_group structures (git- fixes). * platform/x86: alienware-wmi: fix format string overflow warning (git-fixes). * platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer (git-fixes). * platform/x86: dell-laptop: fix rfkill functionality. * platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). * platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). * powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947 bsc#1210544 ltc#202303). * powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544 ltc#202303). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947 bsc#1210544 ltc#202303). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947 bsc#1210544 ltc#202303). * powerpc: Squash lines for simple wrapper functions (bsc#1065729). * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (git-fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes) * s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362). * s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363). * s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360). * s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364). * s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes bsc#1211365). * s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (LTC#202116 bsc#1209857 git-fixes). * s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361). * scsi: qla2xxx: Declare SCSI host template const (bsc#1211960). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: storvsc: Parameterize number hardware queues (bsc#1211622). * sctp: avoid flushing unsent queue when doing asoc reset (git-fixes). * sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes). * sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege (git-fixes). * sctp: make use of pre-calculated len (git-fixes). * seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816). * sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe (git- fixes). * sit: fix IFLA_MTU ignored on NEWLINK (git-fixes). * stmmac: fix valid numbers of unicast filter entries (git-fixes). * sunvnet: does not support GSO for sctp (git-fixes). * usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * usrmerge: Compatibility with earlier rpm (boo#1211796) * usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). * vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes). * wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). * wcn36xx: Add ieee80211 rx status rate information (git-fixes). * wcn36xx: Channel list update before hardware scan (git-fixes). * wcn36xx: Disable bmps when encryption is disabled (git-fixes). * wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). * wcn36xx: Fix TX data path (git-fixes). * wcn36xx: Fix multiple AMPDU sessions support (git-fixes). * wcn36xx: Fix software-driven scan (git-fix). * wcn36xx: Fix warning due to bad rate_idx (git-fixes). * wcn36xx: Increase number of TX retries (git-fixes). * wcn36xx: Specify ieee80211_rx_status.nss (git-fixes). * wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp (git-fixes). * wcn36xx: Use sequence number allocated by mac80211 (git-fixes). * wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes). * wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). * wcn36xx: fix spelling mistake "to" -> "too" (git-fixes). * wcn36xx: fix typo (git-fixes). * wcn36xx: remove unecessary return (git-fixes). * wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86/kvm/vmx: fix old-style function declaration (git-fixes). * x86/kvm: Do not call kvm_spurious_fault() from .fixup (git-fixes). * x86: kvm: avoid constant-conversion warning (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2507=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2507=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2507=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.136.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.136.1 * kernel-azure-debugsource-4.12.14-16.136.1 * kernel-azure-base-4.12.14-16.136.1 * kernel-syms-azure-4.12.14-16.136.1 * kernel-azure-devel-4.12.14-16.136.1 * kernel-azure-debuginfo-4.12.14-16.136.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.136.1 * kernel-source-azure-4.12.14-16.136.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.136.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.136.1 * kernel-azure-debugsource-4.12.14-16.136.1 * kernel-azure-base-4.12.14-16.136.1 * kernel-syms-azure-4.12.14-16.136.1 * kernel-azure-devel-4.12.14-16.136.1 * kernel-azure-debuginfo-4.12.14-16.136.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.136.1 * kernel-source-azure-4.12.14-16.136.1 * SUSE Linux Enterprise Server 12 SP5 (nosrc x86_64) * kernel-azure-4.12.14-16.136.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-azure-base-debuginfo-4.12.14-16.136.1 * kernel-azure-debugsource-4.12.14-16.136.1 * kernel-azure-base-4.12.14-16.136.1 * kernel-syms-azure-4.12.14-16.136.1 * kernel-azure-devel-4.12.14-16.136.1 * kernel-azure-debuginfo-4.12.14-16.136.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-azure-4.12.14-16.136.1 * kernel-source-azure-4.12.14-16.136.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1118212 * https://bugzilla.suse.com/show_bug.cgi?id=1129770 * https://bugzilla.suse.com/show_bug.cgi?id=1154048 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209857 * https://bugzilla.suse.com/show_bug.cgi?id=1210544 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211275 * https://bugzilla.suse.com/show_bug.cgi?id=1211360 * https://bugzilla.suse.com/show_bug.cgi?id=1211361 * https://bugzilla.suse.com/show_bug.cgi?id=1211362 * https://bugzilla.suse.com/show_bug.cgi?id=1211363 * https://bugzilla.suse.com/show_bug.cgi?id=1211364 * https://bugzilla.suse.com/show_bug.cgi?id=1211365 * https://bugzilla.suse.com/show_bug.cgi?id=1211366 * https://bugzilla.suse.com/show_bug.cgi?id=1211466 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211801 * https://bugzilla.suse.com/show_bug.cgi?id=1211816 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 08:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 08:30:23 -0000 Subject: SUSE-SU-2023:2506-1: important: Security update for the Linux Kernel Message-ID: <168673142366.30589.15376114329452839438@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2506-1 Rating: important References: * #1108488 * #1204414 * #1207036 * #1207051 * #1207125 * #1207795 * #1208837 * #1209008 * #1209256 * #1209291 * #1209532 * #1209871 * #1210336 * #1210647 * #1211186 Cross-References: * CVE-2017-5753 * CVE-2018-9517 * CVE-2022-3567 * CVE-2023-0590 * CVE-2023-1118 * CVE-2023-1513 * CVE-2023-1670 * CVE-2023-1989 * CVE-2023-2162 * CVE-2023-23454 * CVE-2023-23455 * CVE-2023-23559 * CVE-2023-28328 * CVE-2023-32269 CVSS scores: * CVE-2017-5753 ( SUSE ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2017-5753 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N * CVE-2018-9517 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2018-9517 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-3567 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3567 ( NVD ): 4.6 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L * CVE-2023-0590 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-0590 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1118 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1118 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1513 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2023-1513 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1670 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1670 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1989 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23454 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23454 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28328 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28328 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 An update that solves 14 vulnerabilities and has one fix can now be installed. ## Description: The SUSE Linux Enterprise 11 SP4 LTSS EXTREME CORE kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). * CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). * CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). * CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). * CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). * CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). * CVE-2018-9517: Fixed possible memory corruption due to a use after free in pppol2tp_connect (bsc#1108488). * CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). * CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). * CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). * CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). The following non-security bugs were fixed: * Do not sign the vanilla kernel (bsc#1209008). * do not fallthrough in cbq_classify and stop on TC_ACT_SHOT ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2506=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2023-2506=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (nosrc x86_64) * kernel-default-3.0.101-108.141.1 * kernel-trace-3.0.101-108.141.1 * kernel-xen-3.0.101-108.141.1 * kernel-ec2-3.0.101-108.141.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE 11-SP4 (x86_64) * kernel-ec2-devel-3.0.101-108.141.1 * kernel-trace-devel-3.0.101-108.141.1 * kernel-xen-devel-3.0.101-108.141.1 * kernel-syms-3.0.101-108.141.1 * kernel-trace-base-3.0.101-108.141.1 * kernel-xen-base-3.0.101-108.141.1 * kernel-source-3.0.101-108.141.1 * kernel-default-base-3.0.101-108.141.1 * kernel-ec2-base-3.0.101-108.141.1 * kernel-default-devel-3.0.101-108.141.1 * SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64) * kernel-default-3.0.101-108.141.1 * kernel-trace-3.0.101-108.141.1 * kernel-xen-3.0.101-108.141.1 * kernel-ec2-3.0.101-108.141.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * kernel-ec2-devel-3.0.101-108.141.1 * kernel-trace-devel-3.0.101-108.141.1 * kernel-xen-devel-3.0.101-108.141.1 * kernel-syms-3.0.101-108.141.1 * kernel-trace-base-3.0.101-108.141.1 * kernel-xen-base-3.0.101-108.141.1 * kernel-source-3.0.101-108.141.1 * kernel-default-base-3.0.101-108.141.1 * kernel-ec2-base-3.0.101-108.141.1 * kernel-default-devel-3.0.101-108.141.1 ## References: * https://www.suse.com/security/cve/CVE-2017-5753.html * https://www.suse.com/security/cve/CVE-2018-9517.html * https://www.suse.com/security/cve/CVE-2022-3567.html * https://www.suse.com/security/cve/CVE-2023-0590.html * https://www.suse.com/security/cve/CVE-2023-1118.html * https://www.suse.com/security/cve/CVE-2023-1513.html * https://www.suse.com/security/cve/CVE-2023-1670.html * https://www.suse.com/security/cve/CVE-2023-1989.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-23454.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-23559.html * https://www.suse.com/security/cve/CVE-2023-28328.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1108488 * https://bugzilla.suse.com/show_bug.cgi?id=1204414 * https://bugzilla.suse.com/show_bug.cgi?id=1207036 * https://bugzilla.suse.com/show_bug.cgi?id=1207051 * https://bugzilla.suse.com/show_bug.cgi?id=1207125 * https://bugzilla.suse.com/show_bug.cgi?id=1207795 * https://bugzilla.suse.com/show_bug.cgi?id=1208837 * https://bugzilla.suse.com/show_bug.cgi?id=1209008 * https://bugzilla.suse.com/show_bug.cgi?id=1209256 * https://bugzilla.suse.com/show_bug.cgi?id=1209291 * https://bugzilla.suse.com/show_bug.cgi?id=1209532 * https://bugzilla.suse.com/show_bug.cgi?id=1209871 * https://bugzilla.suse.com/show_bug.cgi?id=1210336 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 12:30:06 -0000 Subject: SUSE-RU-2023:2245-2: moderate: Recommended update for libzypp, zypper Message-ID: <168674580646.20736.17243435775265927278@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2245-2 Rating: moderate References: * #1127591 * #1195633 * #1208329 * #1209406 * #1210870 Affected Products: * openSUSE Leap 15.5 An update that has five recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: * Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) * multicurl: propagate ssl settings stored in repo url (bsc#1127591) * MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) * zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) * Teach MediaNetwork to retry on HTTP2 errors. * Fix selecting installed patterns from picklist (bsc#1209406) * man: better explanation of --priority ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2245=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsolv-demo-0.7.24-150400.3.6.4 * zypper-1.14.60-150400.3.21.2 * perl-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-tools-0.7.24-150400.3.6.4 * python3-solv-debuginfo-0.7.24-150400.3.6.4 * zypper-debugsource-1.14.60-150400.3.21.2 * zypper-debuginfo-1.14.60-150400.3.21.2 * libzypp-debuginfo-17.31.11-150400.3.25.2 * libsolv-demo-debuginfo-0.7.24-150400.3.6.4 * ruby-solv-0.7.24-150400.3.6.4 * libsolv-debugsource-0.7.24-150400.3.6.4 * libsolv-tools-debuginfo-0.7.24-150400.3.6.4 * libzypp-devel-doc-17.31.11-150400.3.25.2 * libsolv-debuginfo-0.7.24-150400.3.6.4 * libzypp-devel-17.31.11-150400.3.25.2 * libzypp-debugsource-17.31.11-150400.3.25.2 * python-solv-debuginfo-0.7.24-150400.3.6.4 * libsolv-devel-debuginfo-0.7.24-150400.3.6.4 * perl-solv-0.7.24-150400.3.6.4 * libzypp-17.31.11-150400.3.25.2 * python-solv-0.7.24-150400.3.6.4 * libsolv-devel-0.7.24-150400.3.6.4 * python3-solv-0.7.24-150400.3.6.4 * ruby-solv-debuginfo-0.7.24-150400.3.6.4 * openSUSE Leap 15.5 (noarch) * zypper-needs-restarting-1.14.60-150400.3.21.2 * zypper-aptitude-1.14.60-150400.3.21.2 * zypper-log-1.14.60-150400.3.21.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1127591 * https://bugzilla.suse.com/show_bug.cgi?id=1195633 * https://bugzilla.suse.com/show_bug.cgi?id=1208329 * https://bugzilla.suse.com/show_bug.cgi?id=1209406 * https://bugzilla.suse.com/show_bug.cgi?id=1210870 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:03 -0000 Subject: SUSE-RU-2023:2514-1: moderate: Recommended update for container-selinux Message-ID: <168677460386.1421.15857197320360572054@smelt2.suse.de> # Recommended update for container-selinux Announcement ID: SUSE-RU-2023:2514-1 Rating: moderate References: * #1211774 Affected Products: * SUSE Linux Enterprise Micro 5.1 An update that has one recommended fix can now be installed. ## Description: This update for container-selinux fixes the following issues: * Esnure proper labels for conmon and fix startup issues due to MCS (bsc#1211774) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2514=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (noarch) * container-selinux-2.171.0-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211774 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:06 -0000 Subject: SUSE-RU-2023:2512-1: moderate: Recommended update for powerpc-utils Message-ID: <168677460659.1421.6439870347945225905@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:2512-1 Rating: moderate References: * #1211883 * #1212031 Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Fix negative utilization value reported by lparstat -E (bsc#1212031) * Fix lparstat error with mixed SMT state (bsc#1211883 ltc#02144) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2512=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2512=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * powerpc-utils-debugsource-1.3.9-8.20.1 * powerpc-utils-1.3.9-8.20.1 * powerpc-utils-debuginfo-1.3.9-8.20.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * powerpc-utils-debugsource-1.3.9-8.20.1 * powerpc-utils-1.3.9-8.20.1 * powerpc-utils-debuginfo-1.3.9-8.20.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211883 * https://bugzilla.suse.com/show_bug.cgi?id=1212031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:09 -0000 Subject: SUSE-RU-2023:2511-1: moderate: Recommended update for powerpc-utils Message-ID: <168677460911.1421.7900038109255752290@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:2511-1 Rating: moderate References: * #1211883 * #1212031 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Fix negative utilization value reported by lparstat -E (bsc#1212031) * Fix lparstat error with mixed SMT state (bsc#1211883 ltc#02144) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2511=1 SUSE-2023-2511=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2511=1 ## Package List: * openSUSE Leap 15.5 (ppc64le) * powerpc-utils-debuginfo-1.3.11-150500.3.3.1 * powerpc-utils-debugsource-1.3.11-150500.3.3.1 * powerpc-utils-1.3.11-150500.3.3.1 * Basesystem Module 15-SP5 (ppc64le) * powerpc-utils-debuginfo-1.3.11-150500.3.3.1 * powerpc-utils-debugsource-1.3.11-150500.3.3.1 * powerpc-utils-1.3.11-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211883 * https://bugzilla.suse.com/show_bug.cgi?id=1212031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:10 -0000 Subject: SUSE-RU-2023:2510-1: moderate: Recommended update for drbd-utils Message-ID: <168677461058.1421.1579702597391491143@smelt2.suse.de> # Recommended update for drbd-utils Announcement ID: SUSE-RU-2023:2510-1 Rating: moderate References: * #1209783 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that has one recommended fix can now be installed. ## Description: This update for drbd-utils fixes the following issues: * Improve compatibility with Pacemaker 2.1 (bsc#1209783) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2510=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2510=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2510=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2510=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2510=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2510=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2510=1 * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2510=1 * SUSE Linux Enterprise High Availability Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-HA-15-SP5-2023-2510=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 * SUSE Linux Enterprise High Availability Extension 15 SP5 (aarch64 ppc64le s390x x86_64) * drbd-utils-debugsource-9.19.0-150400.3.17.1 * drbd-utils-9.19.0-150400.3.17.1 * drbd-utils-debuginfo-9.19.0-150400.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1209783 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:12 -0000 Subject: SUSE-SU-2023:2509-1: moderate: Security update for python3 Message-ID: <168677461284.1421.448266193145929174@smelt2.suse.de> # Security update for python3 Announcement ID: SUSE-SU-2023:2509-1 Rating: moderate References: * #1203750 * #1211158 Cross-References: * CVE-2007-4559 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Micro 5.1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). * Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2509=1 ## Package List: * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * python3-base-debuginfo-3.6.15-150000.3.132.1 * python3-core-debugsource-3.6.15-150000.3.132.1 * python3-debuginfo-3.6.15-150000.3.132.1 * libpython3_6m1_0-3.6.15-150000.3.132.1 * python3-base-3.6.15-150000.3.132.1 * python3-3.6.15-150000.3.132.1 * libpython3_6m1_0-debuginfo-3.6.15-150000.3.132.1 * python3-debugsource-3.6.15-150000.3.132.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 * https://bugzilla.suse.com/show_bug.cgi?id=1211158 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 14 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 14 Jun 2023 20:30:14 -0000 Subject: SUSE-SU-2023:2508-1: moderate: Security update for opensc Message-ID: <168677461462.1421.8585532011300330039@smelt2.suse.de> # Security update for opensc Announcement ID: SUSE-SU-2023:2508-1 Rating: moderate References: * #1211894 Cross-References: * CVE-2023-2977 CVSS scores: * CVE-2023-2977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2977 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2508=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2508=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2508=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2508=1 ## Package List: * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * opensc-debuginfo-0.19.0-150100.3.22.1 * opensc-0.19.0-150100.3.22.1 * opensc-debugsource-0.19.0-150100.3.22.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * opensc-debuginfo-0.19.0-150100.3.22.1 * opensc-0.19.0-150100.3.22.1 * opensc-debugsource-0.19.0-150100.3.22.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * opensc-debuginfo-0.19.0-150100.3.22.1 * opensc-0.19.0-150100.3.22.1 * opensc-debugsource-0.19.0-150100.3.22.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * opensc-debuginfo-0.19.0-150100.3.22.1 * opensc-0.19.0-150100.3.22.1 * opensc-debugsource-0.19.0-150100.3.22.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2977.html * https://bugzilla.suse.com/show_bug.cgi?id=1211894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 07:01:51 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:01:51 +0200 (CEST) Subject: SUSE-IU-2023:347-1: Security update of suse-sles-15-sp3-chost-byos-v20230613-x86_64-gen2 Message-ID: <20230615070151.894AEF3C1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20230613-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:347-1 Image Tags : suse-sles-15-sp3-chost-byos-v20230613-x86_64-gen2:20230613 Image Release : Severity : critical Type : security References : 1065270 1127591 1168481 1173115 1176785 1178233 1185232 1185261 1185441 1185621 1186449 1186870 1187071 1187260 1187810 1189036 1191467 1191525 1193282 1195175 1195633 1198438 1198458 1198458 1198932 1199132 1199282 1199282 1199756 1200321 1200441 1200710 1201066 1201234 1201490 1202120 1202353 1203201 1203248 1203249 1203331 1203332 1203355 1203446 1203599 1203715 1203746 1204356 1204548 1204585 1204662 1204929 1204956 1205128 1205200 1205375 1205554 1205570 1205588 1205636 1206065 1206103 1206235 1206351 1206483 1206513 1206781 1206949 1206992 1207014 1207022 1207051 1207064 1207088 1207168 1207416 1207560 1207571 1207575 1207773 1207780 1207795 1207843 1207845 1207875 1207957 1207975 1207992 1208023 1208036 1208137 1208153 1208179 1208212 1208329 1208358 1208423 1208426 1208471 1208598 1208599 1208601 1208700 1208741 1208776 1208777 1208787 1208816 1208828 1208828 1208837 1208843 1208845 1208929 1208957 1208959 1208962 1208971 1209008 1209017 1209018 1209019 1209026 1209042 1209052 1209122 1209165 1209187 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209234 1209256 1209288 1209289 1209290 1209291 1209361 1209362 1209366 1209372 1209406 1209481 1209483 1209485 1209532 1209533 1209547 1209549 1209624 1209634 1209635 1209636 1209667 1209672 1209683 1209687 1209713 1209714 1209739 1209777 1209778 1209785 1209871 1209873 1209878 1209884 1209888 1210135 1210164 1210202 1210203 1210298 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210414 1210418 1210434 1210453 1210469 1210498 1210506 1210507 1210593 1210629 1210640 1210647 1210649 1210870 1211144 1211231 1211232 1211233 1211339 1211430 1211604 1211605 1211606 1211607 1211643 1211661 1211795 1212187 CVE-2017-5753 CVE-2020-36691 CVE-2021-3541 CVE-2021-3923 CVE-2022-2196 CVE-2022-23471 CVE-2022-28737 CVE-2022-28737 CVE-2022-29217 CVE-2022-29824 CVE-2022-32746 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-43945 CVE-2022-4744 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0512 CVE-2023-0590 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1382 CVE-2023-1390 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23006 CVE-2023-23559 CVE-2023-23916 CVE-2023-23931 CVE-2023-24329 CVE-2023-24593 CVE-2023-25012 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-2650 CVE-2023-26545 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-27561 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28327 CVE-2023-28328 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-28642 CVE-2023-28772 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 CVE-2023-30630 CVE-2023-30772 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20230613-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2917-1 Released: Wed Oct 14 11:29:48 2020 Summary: Recommended update for mokutil Type: recommended Severity: moderate References: 1173115 This update for mokutil fixes the following issue: - Add options for CA and kernel keyring checks (bsc#1173115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2638-1 Released: Wed Aug 3 10:35:14 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:780-1 Released: Thu Mar 16 18:06:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186449,1195175,1198438,1203331,1203332,1204356,1204662,1206103,1206351,1207051,1207575,1207773,1207795,1207845,1207875,1208023,1208153,1208212,1208700,1208741,1208776,1208816,1208837,1208845,1208971,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0590,CVE-2023-0597,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23006,CVE-2023-23559,CVE-2023-26545 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:784-1 Released: Thu Mar 16 19:33:52 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:794-1 Released: Fri Mar 17 08:42:12 2023 Summary: Security update for python-PyJWT Type: security Severity: critical References: 1176785,1199282,1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 2.4.0 (bsc#1199756) - Explicit check the key for ECAlgorithm - Don't use implicit optionals - documentation fix: show correct scope - fix: Update copyright information - Don't mutate options dictionary in .decode_complete() - Add support for Python 3.10 - api_jwk: Add PyJWKSet.__getitem__ - Update usage.rst - Docs: mention performance reasons for reusing RSAPrivateKey when encoding - Fixed typo in usage.rst - Add detached payload support for JWS encoding and decoding - Replace various string interpolations with f-strings by ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:795-1 Released: Fri Mar 17 09:13:12 2023 Summary: Security update for docker Type: security Severity: moderate References: 1205375,1206065,CVE-2022-36109 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:847-1 Released: Tue Mar 21 13:27:57 2023 Summary: Security update for xen Type: security Severity: important References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1628-1 Released: Tue Mar 28 12:28:51 2023 Summary: Security update for containerd Type: security Severity: important References: 1206235,CVE-2022-23471 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1687-1 Released: Wed Mar 29 17:52:28 2023 Summary: Security update for ldb, samba Type: security Severity: important References: 1201490,1207416,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug was fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1691-1 Released: Thu Mar 30 09:51:28 2023 Summary: Security update for grub2 Type: security Severity: moderate References: 1209188 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1702-1 Released: Thu Mar 30 15:23:23 2023 Summary: Security update for shim Type: security Severity: important References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1811-1 Released: Tue Apr 11 12:11:23 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207168,1207560,1208137,1208179,1208598,1208599,1208601,1208777,1208787,1208843,1209008,1209052,1209256,1209288,1209289,1209290,1209291,1209366,1209532,1209547,1209549,1209634,1209635,1209636,1209672,1209683,1209778,1209785,CVE-2017-5753,CVE-2021-3923,CVE-2022-4744,CVE-2023-0461,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1281,CVE-2023-1382,CVE-2023-1390,CVE-2023-1513,CVE-2023-1582,CVE-2023-23004,CVE-2023-25012,CVE-2023-28327,CVE-2023-28328,CVE-2023-28464,CVE-2023-28466,CVE-2023-28772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1886-1 Released: Tue Apr 18 11:15:49 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204929,1208929 This update for dracut fixes the following issues: - Update to version 049.1+suse.251.g0b8dad5: * omission updates in conf files (bsc#1208929) * chown using rpc default group (bsc#1204929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1932-1 Released: Thu Apr 20 18:40:58 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1993-1 Released: Tue Apr 25 13:50:58 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2148-1 Released: Tue May 9 17:05:48 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1202353,1205128,1206992,1207088,1209687,1209739,1209777,1209871,1210202,1210203,1210301,1210329,1210336,1210337,1210414,1210453,1210469,1210498,1210506,1210629,1210647,CVE-2020-36691,CVE-2022-2196,CVE-2022-43945,CVE-2023-1611,CVE-2023-1670,CVE-2023-1838,CVE-2023-1855,CVE-2023-1872,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2124,CVE-2023-2162,CVE-2023-2176,CVE-2023-30772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2215-1 Released: Tue May 16 11:24:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2278-1 Released: Wed May 24 07:56:35 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1210640 This update for dracut fixes the following issues: - Update to version 049.1+suse.253.g1008bf13: * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-7.66.0-150200.4.57.1 updated - dmidecode-3.2-150100.9.16.1 updated - docker-20.10.23_ce-150000.175.1 updated - dracut-049.1+suse.253.g1008bf13-150200.3.69.1 updated - elfutils-0.177-150300.11.6.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - grub2-i386-pc-2.04-150300.22.37.1 updated - grub2-x86_64-efi-2.04-150300.22.37.1 updated - grub2-2.04-150300.22.37.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.3.18-150300.59.121.2 updated - libasm1-0.177-150300.11.6.1 updated - libavahi-client3-0.7-150100.3.24.1 updated - libavahi-common3-0.7-150100.3.24.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libldb2-2.4.4-150300.3.23.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.13-150200.66.1 updated - login_defs-4.8.1-150300.4.6.1 updated - mokutil-0.4.0-150200.4.6.1 added - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - procps-3.3.15-150000.7.31.1 updated - python3-PyJWT-2.4.0-150200.3.6.2 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-cryptography-3.3.2-150200.19.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-3.6.15-150300.10.45.1 updated - rsyslog-module-relp-8.2106.0-150200.4.35.1 added - runc-1.1.5-150000.43.1 updated - samba-client-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - shadow-4.8.1-150300.4.6.1 updated - shim-15.7-150300.4.16.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-systemd-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.14.5_12-150300.3.48.1 updated - xxd-9.0.1443-150000.5.43.1 added - zypper-1.14.60-150200.51.1 updated - python3-ecdsa-0.13.3-3.7.1 removed From sle-updates at lists.suse.com Thu Jun 15 07:02:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:02:05 +0200 (CEST) Subject: SUSE-IU-2023:348-1: Security update of suse-sles-15-sp3-chost-byos-v20230613-hvm-ssd-x86_64 Message-ID: <20230615070205.1760CF3C1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20230613-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:348-1 Image Tags : suse-sles-15-sp3-chost-byos-v20230613-hvm-ssd-x86_64:20230613 Image Release : Severity : critical Type : security References : 1065270 1127591 1168481 1173115 1176785 1178233 1185232 1185261 1185441 1185621 1186449 1186870 1187071 1187260 1187810 1189036 1191467 1191525 1193282 1195175 1195633 1198438 1198458 1198458 1198932 1199132 1199282 1199282 1199756 1200321 1200441 1200710 1201066 1201234 1201490 1202120 1202353 1203201 1203248 1203249 1203331 1203332 1203355 1203446 1203599 1203715 1203746 1204356 1204548 1204585 1204662 1204929 1204956 1205128 1205200 1205375 1205554 1205570 1205588 1205636 1206065 1206103 1206235 1206351 1206483 1206513 1206781 1206949 1206992 1207014 1207022 1207051 1207064 1207088 1207168 1207416 1207560 1207571 1207575 1207773 1207780 1207795 1207843 1207845 1207875 1207957 1207975 1207992 1208023 1208036 1208137 1208153 1208179 1208212 1208329 1208358 1208423 1208426 1208471 1208598 1208599 1208601 1208700 1208741 1208776 1208777 1208787 1208816 1208828 1208828 1208837 1208843 1208845 1208929 1208957 1208959 1208962 1208971 1209008 1209017 1209018 1209019 1209026 1209042 1209052 1209122 1209165 1209187 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209234 1209256 1209288 1209289 1209290 1209291 1209361 1209362 1209366 1209372 1209406 1209481 1209483 1209485 1209532 1209533 1209547 1209549 1209624 1209634 1209635 1209636 1209667 1209672 1209683 1209687 1209713 1209714 1209739 1209777 1209778 1209785 1209871 1209873 1209878 1209884 1209888 1210135 1210164 1210202 1210203 1210298 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210414 1210418 1210434 1210453 1210469 1210498 1210506 1210507 1210593 1210629 1210640 1210647 1210649 1210870 1211144 1211231 1211232 1211233 1211339 1211430 1211604 1211605 1211606 1211607 1211643 1211661 1211795 1212187 CVE-2017-5753 CVE-2020-36691 CVE-2021-3541 CVE-2021-3923 CVE-2022-2196 CVE-2022-23471 CVE-2022-28737 CVE-2022-28737 CVE-2022-29217 CVE-2022-29824 CVE-2022-32746 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-43945 CVE-2022-4744 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0512 CVE-2023-0590 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1382 CVE-2023-1390 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23006 CVE-2023-23559 CVE-2023-23916 CVE-2023-23931 CVE-2023-24329 CVE-2023-24593 CVE-2023-25012 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-2650 CVE-2023-26545 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-27561 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28327 CVE-2023-28328 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-28642 CVE-2023-28772 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 CVE-2023-30630 CVE-2023-30772 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20230613-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2917-1 Released: Wed Oct 14 11:29:48 2020 Summary: Recommended update for mokutil Type: recommended Severity: moderate References: 1173115 This update for mokutil fixes the following issue: - Add options for CA and kernel keyring checks (bsc#1173115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2638-1 Released: Wed Aug 3 10:35:14 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:780-1 Released: Thu Mar 16 18:06:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186449,1195175,1198438,1203331,1203332,1204356,1204662,1206103,1206351,1207051,1207575,1207773,1207795,1207845,1207875,1208023,1208153,1208212,1208700,1208741,1208776,1208816,1208837,1208845,1208971,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0590,CVE-2023-0597,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23006,CVE-2023-23559,CVE-2023-26545 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:784-1 Released: Thu Mar 16 19:33:52 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:794-1 Released: Fri Mar 17 08:42:12 2023 Summary: Security update for python-PyJWT Type: security Severity: critical References: 1176785,1199282,1199756,CVE-2022-29217 This update for python-PyJWT fixes the following issues: - CVE-2022-29217: Fixed Key confusion through non-blocklisted public key formats (bsc#1199756). - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Update to 2.4.0 (bsc#1199756) - Explicit check the key for ECAlgorithm - Don't use implicit optionals - documentation fix: show correct scope - fix: Update copyright information - Don't mutate options dictionary in .decode_complete() - Add support for Python 3.10 - api_jwk: Add PyJWKSet.__getitem__ - Update usage.rst - Docs: mention performance reasons for reusing RSAPrivateKey when encoding - Fixed typo in usage.rst - Add detached payload support for JWS encoding and decoding - Replace various string interpolations with f-strings by ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:795-1 Released: Fri Mar 17 09:13:12 2023 Summary: Security update for docker Type: security Severity: moderate References: 1205375,1206065,CVE-2022-36109 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:847-1 Released: Tue Mar 21 13:27:57 2023 Summary: Security update for xen Type: security Severity: important References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1628-1 Released: Tue Mar 28 12:28:51 2023 Summary: Security update for containerd Type: security Severity: important References: 1206235,CVE-2022-23471 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1687-1 Released: Wed Mar 29 17:52:28 2023 Summary: Security update for ldb, samba Type: security Severity: important References: 1201490,1207416,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug was fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1691-1 Released: Thu Mar 30 09:51:28 2023 Summary: Security update for grub2 Type: security Severity: moderate References: 1209188 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1702-1 Released: Thu Mar 30 15:23:23 2023 Summary: Security update for shim Type: security Severity: important References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1811-1 Released: Tue Apr 11 12:11:23 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207168,1207560,1208137,1208179,1208598,1208599,1208601,1208777,1208787,1208843,1209008,1209052,1209256,1209288,1209289,1209290,1209291,1209366,1209532,1209547,1209549,1209634,1209635,1209636,1209672,1209683,1209778,1209785,CVE-2017-5753,CVE-2021-3923,CVE-2022-4744,CVE-2023-0461,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1281,CVE-2023-1382,CVE-2023-1390,CVE-2023-1513,CVE-2023-1582,CVE-2023-23004,CVE-2023-25012,CVE-2023-28327,CVE-2023-28328,CVE-2023-28464,CVE-2023-28466,CVE-2023-28772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1886-1 Released: Tue Apr 18 11:15:49 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204929,1208929 This update for dracut fixes the following issues: - Update to version 049.1+suse.251.g0b8dad5: * omission updates in conf files (bsc#1208929) * chown using rpc default group (bsc#1204929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1932-1 Released: Thu Apr 20 18:40:58 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1993-1 Released: Tue Apr 25 13:50:58 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2148-1 Released: Tue May 9 17:05:48 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1202353,1205128,1206992,1207088,1209687,1209739,1209777,1209871,1210202,1210203,1210301,1210329,1210336,1210337,1210414,1210453,1210469,1210498,1210506,1210629,1210647,CVE-2020-36691,CVE-2022-2196,CVE-2022-43945,CVE-2023-1611,CVE-2023-1670,CVE-2023-1838,CVE-2023-1855,CVE-2023-1872,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2124,CVE-2023-2162,CVE-2023-2176,CVE-2023-30772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2215-1 Released: Tue May 16 11:24:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2278-1 Released: Wed May 24 07:56:35 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1210640 This update for dracut fixes the following issues: - Update to version 049.1+suse.253.g1008bf13: * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-7.66.0-150200.4.57.1 updated - dmidecode-3.2-150100.9.16.1 updated - docker-20.10.23_ce-150000.175.1 updated - dracut-049.1+suse.253.g1008bf13-150200.3.69.1 updated - elfutils-0.177-150300.11.6.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - grub2-i386-pc-2.04-150300.22.37.1 updated - grub2-x86_64-efi-2.04-150300.22.37.1 updated - grub2-x86_64-xen-2.04-150300.22.37.1 updated - grub2-2.04-150300.22.37.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.3.18-150300.59.121.2 updated - libasm1-0.177-150300.11.6.1 updated - libavahi-client3-0.7-150100.3.24.1 updated - libavahi-common3-0.7-150100.3.24.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libldb2-2.4.4-150300.3.23.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.13-150200.66.1 updated - login_defs-4.8.1-150300.4.6.1 updated - mokutil-0.4.0-150200.4.6.1 added - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - openssl-1.1.1d-1.46 added - procps-3.3.15-150000.7.31.1 updated - python3-PyJWT-2.4.0-150200.3.6.2 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-cryptography-3.3.2-150200.19.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-3.6.15-150300.10.45.1 updated - rsyslog-module-relp-8.2106.0-150200.4.35.1 added - runc-1.1.5-150000.43.1 updated - samba-client-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - shadow-4.8.1-150300.4.6.1 updated - shim-15.7-150300.4.16.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-systemd-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.14.5_12-150300.3.48.1 updated - xen-tools-domU-4.14.5_12-150300.3.48.1 updated - xxd-9.0.1443-150000.5.43.1 added - zypper-1.14.60-150200.51.1 updated - python3-ecdsa-0.13.3-3.7.1 removed From sle-updates at lists.suse.com Thu Jun 15 07:02:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:02:17 +0200 (CEST) Subject: SUSE-IU-2023:349-1: Security update of sles-15-sp3-chost-byos-v20230613-x86-64 Message-ID: <20230615070217.E89FFF3C1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20230613-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:349-1 Image Tags : sles-15-sp3-chost-byos-v20230613-x86-64:20230613 Image Release : Severity : critical Type : security References : 1065270 1127591 1168481 1173115 1178233 1185232 1185261 1185441 1185621 1186449 1186870 1187071 1187260 1187810 1189036 1191467 1191525 1193282 1195175 1195633 1198438 1198458 1198458 1198932 1199132 1199282 1200321 1200441 1200710 1201066 1201234 1201490 1202120 1202353 1203201 1203248 1203249 1203331 1203332 1203355 1203446 1203599 1203715 1203746 1204356 1204548 1204585 1204662 1204929 1204956 1205128 1205200 1205375 1205554 1205570 1205588 1205636 1206065 1206103 1206235 1206351 1206483 1206513 1206781 1206949 1206992 1207014 1207022 1207051 1207064 1207088 1207168 1207416 1207560 1207571 1207575 1207773 1207780 1207795 1207843 1207845 1207875 1207957 1207975 1207992 1208023 1208137 1208153 1208179 1208212 1208329 1208358 1208423 1208426 1208471 1208598 1208599 1208601 1208700 1208741 1208776 1208777 1208787 1208816 1208828 1208828 1208837 1208843 1208845 1208929 1208957 1208959 1208962 1208971 1209008 1209017 1209018 1209019 1209026 1209042 1209052 1209122 1209165 1209187 1209188 1209188 1209209 1209210 1209211 1209212 1209214 1209234 1209256 1209288 1209289 1209290 1209291 1209361 1209362 1209366 1209372 1209406 1209481 1209483 1209485 1209532 1209533 1209547 1209549 1209624 1209634 1209635 1209636 1209667 1209672 1209683 1209687 1209713 1209714 1209739 1209777 1209778 1209785 1209871 1209873 1209878 1209884 1209888 1210135 1210164 1210202 1210203 1210298 1210301 1210328 1210329 1210336 1210337 1210382 1210411 1210412 1210414 1210418 1210434 1210453 1210469 1210498 1210506 1210507 1210593 1210629 1210640 1210647 1210649 1210870 1211144 1211231 1211232 1211233 1211339 1211430 1211604 1211605 1211606 1211607 1211643 1211661 1211795 1212187 CVE-2017-5753 CVE-2020-36691 CVE-2021-3541 CVE-2021-3923 CVE-2022-2196 CVE-2022-23471 CVE-2022-28737 CVE-2022-28737 CVE-2022-29824 CVE-2022-32746 CVE-2022-36109 CVE-2022-36280 CVE-2022-38096 CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334 CVE-2022-43945 CVE-2022-4744 CVE-2022-4899 CVE-2023-0045 CVE-2023-0225 CVE-2023-0461 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0512 CVE-2023-0590 CVE-2023-0597 CVE-2023-0614 CVE-2023-0687 CVE-2023-0922 CVE-2023-1075 CVE-2023-1076 CVE-2023-1078 CVE-2023-1095 CVE-2023-1118 CVE-2023-1127 CVE-2023-1127 CVE-2023-1170 CVE-2023-1175 CVE-2023-1264 CVE-2023-1281 CVE-2023-1355 CVE-2023-1382 CVE-2023-1390 CVE-2023-1513 CVE-2023-1582 CVE-2023-1611 CVE-2023-1670 CVE-2023-1838 CVE-2023-1855 CVE-2023-1872 CVE-2023-1981 CVE-2023-1989 CVE-2023-1990 CVE-2023-1998 CVE-2023-2008 CVE-2023-2124 CVE-2023-2162 CVE-2023-2176 CVE-2023-22995 CVE-2023-22998 CVE-2023-23000 CVE-2023-23004 CVE-2023-23006 CVE-2023-23559 CVE-2023-23916 CVE-2023-24329 CVE-2023-24593 CVE-2023-25012 CVE-2023-25153 CVE-2023-25173 CVE-2023-25180 CVE-2023-25809 CVE-2023-2650 CVE-2023-26545 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-27561 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28327 CVE-2023-28328 CVE-2023-28464 CVE-2023-28466 CVE-2023-28484 CVE-2023-28486 CVE-2023-28487 CVE-2023-28642 CVE-2023-28772 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 CVE-2023-30630 CVE-2023-30772 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 CVE-2023-32324 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20230613-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2917-1 Released: Wed Oct 14 11:29:48 2020 Summary: Recommended update for mokutil Type: recommended Severity: moderate References: 1173115 This update for mokutil fixes the following issue: - Add options for CA and kernel keyring checks (bsc#1173115) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2638-1 Released: Wed Aug 3 10:35:14 2022 Summary: Security update for mokutil Type: security Severity: moderate References: 1198458 This update for mokutil fixes the following issues: - Adds SBAT revocation support to mokutil. (bsc#1198458) New options added (see manpage): - mokutil --sbat List all entries in SBAT. - mokutil --set-sbat-policy (latest | previous | delete) To set the SBAT acceptance policy. - mokutil --list-sbat-revocations To list the current SBAT revocations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:780-1 Released: Thu Mar 16 18:06:30 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186449,1195175,1198438,1203331,1203332,1204356,1204662,1206103,1206351,1207051,1207575,1207773,1207795,1207845,1207875,1208023,1208153,1208212,1208700,1208741,1208776,1208816,1208837,1208845,1208971,CVE-2022-36280,CVE-2022-38096,CVE-2023-0045,CVE-2023-0590,CVE-2023-0597,CVE-2023-1118,CVE-2023-22995,CVE-2023-22998,CVE-2023-23000,CVE-2023-23006,CVE-2023-23559,CVE-2023-26545 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331). - CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741). - CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776). - CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816). - CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845). - CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051). - CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700). The following non-security bugs were fixed: - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971). - genirq: Provide new interfaces for affinity hints (bsc#1208153). - mm/slub: fix panic in slab_alloc_node() (bsc#1208023). - module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662). - net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153). - net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875). - net: mana: Fix accessing freed irq affinity_hint (bsc#1208153). - refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that. - s390/kexec: fix ipl report address for kdump (bsc#1207575). - scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103). - update suse/net-mlx5-Allocate-individual-capability (bsc#1195175). - update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175). - update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175). - update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175). - update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175). - update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference. - vmxnet3: move rss code block under eop descriptor (bsc#1208212). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:781-1 Released: Thu Mar 16 19:07:00 2023 Summary: Security update for vim Type: security Severity: important References: 1207780,1208828,1208957,1208959,CVE-2023-0512,CVE-2023-1127,CVE-2023-1170,CVE-2023-1175 This update for vim fixes the following issues: - CVE-2023-0512: Fixed a divide By Zero (bsc#1207780). - CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957). - CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). Updated to version 9.0 with patch level 1386. - https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:784-1 Released: Thu Mar 16 19:33:52 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1205200,1205554 This update for grub2 fixes the following issues: - Remove zfs modules (bsc#1205554) - Make grub.cfg invariant to efi and legacy platforms (bsc#1205200) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:786-1 Released: Thu Mar 16 19:36:09 2023 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:795-1 Released: Fri Mar 17 09:13:12 2023 Summary: Security update for docker Type: security Severity: moderate References: 1205375,1206065,CVE-2022-36109 This update for docker fixes the following issues: Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/#201023 Docker was updated to 20.10.21-ce (bsc#1206065) See upstream changelog at https://docs.docker.com/engine/release-notes/#201021 Security issues fixed: - CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375) - Fix wrong After: in docker.service, fixes bsc#1188447 - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux. - Allow to install container-selinux instead of apparmor-parser. - Change to using systemd-sysusers ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:847-1 Released: Tue Mar 21 13:27:57 2023 Summary: Security update for xen Type: security Severity: important References: 1209017,1209018,1209019,1209188,CVE-2022-42331,CVE-2022-42332,CVE-2022-42333,CVE-2022-42334 This update for xen fixes the following issues: - CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017). - CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018). - CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1586-1 Released: Mon Mar 27 13:02:52 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1200710,1203746,1206781,1207022,1207843 This update for nfs-utils fixes the following issues: - Rename all drop-in options.conf files as 10-options.conf This makes it easier for other packages to over-ride with a drop-in with a later sequence number (bsc#1207843) - Avoid modprobe errors when sysctl is not installed (bsc#1200710 bsc#1207022 bsc#1206781) - Add '-S scope' option to rpc.nfsd to simplify fail-over cluster configuration (bsc#1203746) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1628-1 Released: Tue Mar 28 12:28:51 2023 Summary: Security update for containerd Type: security Severity: important References: 1206235,CVE-2022-23471 This update for containerd fixes the following issues: - CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235). - Re-build containerd to use updated golang-packaging (jsc#1342). - Update to containerd v1.6.16 for Docker v23.0.0-ce. * https://github.com/containerd/containerd/releases/tag/v1.6.16 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1687-1 Released: Wed Mar 29 17:52:28 2023 Summary: Security update for ldb, samba Type: security Severity: important References: 1201490,1207416,1209481,1209483,1209485,CVE-2022-32746,CVE-2023-0225,CVE-2023-0614,CVE-2023-0922 This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). samba: - CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481). - CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483). - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485). The following non-security bug was fixed: - Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1691-1 Released: Thu Mar 30 09:51:28 2023 Summary: Security update for grub2 Type: security Severity: moderate References: 1209188 This update of grub2 fixes the following issues: - rebuild the package with the new secure boot key (bsc#1209188). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1698-1 Released: Thu Mar 30 12:16:57 2023 Summary: Security update for sudo Type: security Severity: moderate References: 1203201,1206483,1209361,1209362,CVE-2023-28486,CVE-2023-28487 This update for sudo fixes the following issue: Security fixes: - CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362). - CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361). Other fixes: - Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483). - Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1702-1 Released: Thu Mar 30 15:23:23 2023 Summary: Security update for shim Type: security Severity: important References: 1185232,1185261,1185441,1185621,1187071,1187260,1193282,1198458,1201066,1202120,1205588,CVE-2022-28737 This update for shim fixes the following issues: - Updated shim signature after shim 15.7 be signed back: signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458) - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588) - Enable the NX compatibility flag by default. (jsc#PED-127) Update to 15.7 (bsc#1198458) (jsc#PED-127): - Make SBAT variable payload introspectable - Reference MokListRT instead of MokList - Add a link to the test plan in the readme. - [V3] Enable TDX measurement to RTMR register - Discard load-options that start with a NUL - Fixed load_cert_file bugs - Add -malign-double to IA32 compiler flags - pe: Fix image section entry-point validation - make-archive: Build reproducible tarball - mok: remove MokListTrusted from PCR 7 Other fixes: - Support enhance shim measurement to TD RTMR. (jsc#PED-1273) - shim-install: ensure grub.cfg created is not overwritten after installing grub related files - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066) - Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120) - Change the URL in SBAT section to mail:security at suse.de. (bsc#1193282) Update to 15.6 (bsc#1198458): - MokManager: removed Locate graphic output protocol fail error message - shim: implement SBAT verification for the shim_lock protocol - post-process-pe: Fix a missing return code check - Update github actions matrix to be more useful - post-process-pe: Fix format string warnings on 32-bit platforms - Allow MokListTrusted to be enabled by default - Re-add ARM AArch64 support - Use ASCII as fallback if Unicode Box Drawing characters fail - make: don't treat cert.S specially - shim: use SHIM_DEVEL_VERBOSE when built in devel mode - Break out of the inner sbat loop if we find the entry. - Support loading additional certificates - Add support for NX (W^X) mitigations. - Fix preserve_sbat_uefi_variable() logic - SBAT Policy latest should be a one-shot - pe: Fix a buffer overflow when SizeOfRawData > VirtualSize - pe: Perform image verification earlier when loading grub - Update advertised sbat generation number for shim - Update SBAT generation requirements for 05/24/22 - Also avoid CVE-2022-28737 in verify_image() by @vathpela Update to 15.5 (bsc#1198458): - Broken ia32 relocs and an unimportant submodule change. - mok: allocate MOK config table as BootServicesData - Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260) - Relax the check for import_mok_state() (bsc#1185261) - SBAT.md: trivial changes - shim: another attempt to fix load options handling - Add tests for our load options parsing. - arm/aa64: fix the size of .rela* sections - mok: fix potential buffer overrun in import_mok_state - mok: relax the maximum variable size check - Don't unhook ExitBootServices when EBS protection is disabled - fallback: find_boot_option() needs to return the index for the boot entry in optnum - httpboot: Ignore case when checking HTTP headers - Fallback allocation errors - shim: avoid BOOTx64.EFI in message on other architectures - str: remove duplicate parameter check - fallback: add compile option FALLBACK_NONINTERACTIVE - Test mok mirror - Modify sbat.md to help with readability. - csv: detect end of csv file correctly - Specify that the .sbat section is ASCII not UTF-8 - tests: add 'include-fixed' GCC directory to include directories - pe: simplify generate_hash() - Don't make shim abort when TPM log event fails (RHBZ #2002265) - Fallback to default loader if parsed one does not exist - fallback: Fix for BootOrder crash when index returned - Better console checks - docs: update SBAT UEFI variable name - Don't parse load options if invoked from removable media path - fallback: fix fallback not passing arguments of the first boot option - shim: Don't stop forever at 'Secure Boot not enabled' notification - Allocate mokvar table in runtime memory. - Remove post-process-pe on 'make clean' - pe: missing perror argument - CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458) - Add mokutil command to post script for setting sbat policy to latest mode when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created. (bsc#1198458) - Updated vendor dbx binary and script (bsc#1198458) - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list. - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment. - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin file which includes all .der for testing environment. - avoid buffer overflow when copying data to the MOK config table (bsc#1185232) - Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261) - ignore the odd LoadOptions length (bsc#1185232) - shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist - relax the maximum variable size check for u-boot (bsc#1185621) - handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071) - Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261) + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1711-1 Released: Fri Mar 31 13:33:04 2023 Summary: Security update for curl Type: security Severity: moderate References: 1207992,1209209,1209210,1209211,1209212,1209214,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1790-1 Released: Thu Apr 6 15:36:15 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,1209873,1209878,CVE-2023-0464,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1810-1 Released: Tue Apr 11 12:06:13 2023 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1191467,1191525,1198932,1200321,1201234,1203446 This update for cups fixes the following issues: - Fix print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable) (bsc#1191525) - Fix '/usr/bin/lpr: Error - The printer or class does not exist (bsc#1203446) - Improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error (bsc#1191467, bsc#1198932) - Add 'After=network.target sssd.service' to the systemd unit (bsc#1201234, bsc#1200321) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1811-1 Released: Tue Apr 11 12:11:23 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1207168,1207560,1208137,1208179,1208598,1208599,1208601,1208777,1208787,1208843,1209008,1209052,1209256,1209288,1209289,1209290,1209291,1209366,1209532,1209547,1209549,1209634,1209635,1209636,1209672,1209683,1209778,1209785,CVE-2017-5753,CVE-2021-3923,CVE-2022-4744,CVE-2023-0461,CVE-2023-1075,CVE-2023-1076,CVE-2023-1078,CVE-2023-1095,CVE-2023-1281,CVE-2023-1382,CVE-2023-1390,CVE-2023-1513,CVE-2023-1582,CVE-2023-23004,CVE-2023-25012,CVE-2023-28327,CVE-2023-28328,CVE-2023-28464,CVE-2023-28466,CVE-2023-28772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547). - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778). - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635). - CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787). - CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598). - CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599). - CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636). - CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843). - CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560). - CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - PCI: hv: Add a per-bus mutex state_lock (bsc#1209785). - PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785). - PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785). - PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785). - Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). - net: ena: optimize data access in fast-path code (bsc#1208137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1827-1 Released: Thu Apr 13 10:18:16 2023 Summary: Security update for containerd Type: security Severity: moderate References: 1208423,1208426,CVE-2023-25153,CVE-2023-25173 This update for containerd fixes the following issues: Update to containerd v1.6.19: Security fixes: - CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423). - CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1886-1 Released: Tue Apr 18 11:15:49 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1204929,1208929 This update for dracut fixes the following issues: - Update to version 049.1+suse.251.g0b8dad5: * omission updates in conf files (bsc#1208929) * chown using rpc default group (bsc#1204929) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1932-1 Released: Thu Apr 20 18:40:58 2023 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1187810,1189036,1207064,1209165,1209234,1209372,1209667 This update for grub2 fixes the following issues: - Fix aarch64 kiwi image's file not found due to '/@' prepended to path in btrfs filesystem. (bsc#1209165) - Make grub more robust against storage race condition causing system boot failures (bsc#1189036) - Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064, bsc#1209234) - Fix installation over serial console ends up in infinite boot loop (bsc#1187810, bsc#1209667, bsc#1209372) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1945-1 Released: Fri Apr 21 14:13:27 2023 Summary: Recommended update for elfutils Type: recommended Severity: moderate References: 1203599 This update for elfutils fixes the following issues: - go1.19 builds created debuginfo that was not extractable using rpm / elfutils 0.177. (bsc#1203599) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1993-1 Released: Tue Apr 25 13:50:58 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1210328,CVE-2023-1981 This update for avahi fixes the following issues: - CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2003-1 Released: Tue Apr 25 18:05:42 2023 Summary: Security update for runc Type: security Severity: important References: 1168481,1208962,1209884,1209888,CVE-2023-25809,CVE-2023-27561,CVE-2023-28642 This update for runc fixes the following issues: Update to runc v1.1.5: Security fixes: - CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884). - CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962). - CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888). Other fixes: - Fix the inability to use `/dev/null` when inside a container. - Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481). - Fix rare runc exec/enter unshare error on older kernels. - nsexec: Check for errors in `write_log()`. - Drop version-specific Go requirement. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2048-1 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2070-1 Released: Fri Apr 28 13:56:33 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2074-1 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2076-1 Released: Fri Apr 28 17:35:05 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2084-1 Released: Tue May 2 13:31:52 2023 Summary: Security update for shim Type: security Severity: important References: 1210382,CVE-2022-28737 This update for shim fixes the following issues: - CVE-2022-28737 was missing as reference previously. - Upgrade shim-install for bsc#1210382 After closing Leap-gap project since Leap 15.3, openSUSE Leap direct uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no, so all files in /boot/efi/EFI/boot are not updated. Logic was added that is using ID field in os-release for checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2103-1 Released: Thu May 4 20:05:44 2023 Summary: Security update for vim Type: security Severity: moderate References: 1208828,1209042,1209187,CVE-2023-1127,CVE-2023-1264,CVE-2023-1355 This update for vim fixes the following issues: Updated to version 9.0 with patch level 1443, fixes the following security problems - CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042). - CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187). - CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2148-1 Released: Tue May 9 17:05:48 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1202353,1205128,1206992,1207088,1209687,1209739,1209777,1209871,1210202,1210203,1210301,1210329,1210336,1210337,1210414,1210453,1210469,1210498,1210506,1210629,1210647,CVE-2020-36691,CVE-2022-2196,CVE-2022-43945,CVE-2023-1611,CVE-2023-1670,CVE-2023-1838,CVE-2023-1855,CVE-2023-1872,CVE-2023-1989,CVE-2023-1990,CVE-2023-1998,CVE-2023-2008,CVE-2023-2124,CVE-2023-2162,CVE-2023-2176,CVE-2023-30772 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - cifs: fix negotiate context parsing (bsc#1210301). - keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088). - vmxnet3: use gro callback when UPT is enabled (bsc#1209739). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2166-1 Released: Wed May 10 20:18:51 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1209026 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.7 (bsc#1209026) + Include information about the cached registration data + Collect the data that is sent to the update infrastructure during registration ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2215-1 Released: Tue May 16 11:24:41 2023 Summary: Security update for dmidecode Type: security Severity: moderate References: 1210418,CVE-2023-30630 This update for dmidecode fixes the following issues: - CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2227-1 Released: Wed May 17 09:57:41 2023 Summary: Security update for curl Type: security Severity: important References: 1211231,1211232,1211233,1211339,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2237-1 Released: Wed May 17 17:10:07 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211144 This update for vim fixes the following issues: * Make xxd conflict with the previous vim packages to avoid a file conflict during migration (bsc#1211144) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2247-1 Released: Thu May 18 17:04:38 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2254-1 Released: Fri May 19 15:20:23 2023 Summary: Security update for containerd Type: security Severity: important References: 1210298 This update for containerd fixes the following issues: - Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2256-1 Released: Fri May 19 15:26:43 2023 Summary: Security update for runc Type: security Severity: important References: 1200441 This update of runc fixes the following issues: - rebuild the package with the go 19.9 secure release (bsc#1200441). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2278-1 Released: Wed May 24 07:56:35 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1210640 This update for dracut fixes the following issues: - Update to version 049.1+suse.253.g1008bf13: * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2313-1 Released: Tue May 30 09:29:25 2023 Summary: Security update for c-ares Type: security Severity: important References: 1211604,1211605,1211606,1211607,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606) - CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607) - Fix uninitialized memory warning in test - ares_getaddrinfo() should allow a port of 0 - Fix memory leak in ares_send() on error - Fix comment style in ares_data.h - Fix typo in ares_init_options.3 - Sync ax_pthread.m4 with upstream - Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2343-1 Released: Thu Jun 1 11:35:28 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2347-1 Released: Thu Jun 1 14:33:10 2023 Summary: Security update for cups Type: security Severity: important References: 1211643,CVE-2023-32324 This update for cups fixes the following issues: - CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2355-1 Released: Fri Jun 2 12:48:25 2023 Summary: Recommended update for librelp Type: recommended Severity: moderate References: 1210649 This update for librelp fixes the following issues: - update to librelp 1.11.0 (bsc#1210649) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2365-1 Released: Mon Jun 5 09:22:46 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issues: - Add upstream patches (bsc#1210164, bsc#1210164, bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2430-1 Released: Tue Jun 6 22:55:28 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: critical References: This update for supportutils-plugin-suse-public-cloud fixes the following issues: - This update will be delivered to SLE Micro. (SMO-219) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - containerd-ctr-1.6.19-150000.90.3 updated - containerd-1.6.19-150000.90.3 updated - cups-config-2.2.7-150000.3.43.1 updated - curl-7.66.0-150200.4.57.1 updated - dmidecode-3.2-150100.9.16.1 updated - docker-20.10.23_ce-150000.175.1 updated - dracut-049.1+suse.253.g1008bf13-150200.3.69.1 updated - elfutils-0.177-150300.11.6.1 updated - glibc-locale-base-2.31-150300.46.1 updated - glibc-locale-2.31-150300.46.1 updated - glibc-2.31-150300.46.1 updated - grub2-i386-pc-2.04-150300.22.37.1 updated - grub2-x86_64-efi-2.04-150300.22.37.1 updated - grub2-2.04-150300.22.37.1 updated - hwdata-0.368-150000.3.57.1 updated - kernel-default-5.3.18-150300.59.121.2 updated - libasm1-0.177-150300.11.6.1 updated - libavahi-client3-0.7-150100.3.24.1 updated - libavahi-common3-0.7-150100.3.24.1 updated - libblkid1-2.36.2-150300.4.35.1 updated - libcares2-1.19.1-150000.3.23.1 updated - libcups2-2.2.7-150000.3.43.1 updated - libcurl4-7.66.0-150200.4.57.1 updated - libdw1-0.177-150300.11.6.1 updated - libebl-plugins-0.177-150300.11.6.1 updated - libelf1-0.177-150300.11.6.1 updated - libfdisk1-2.36.2-150300.4.35.1 updated - libgcc_s1-12.2.1+git416-150000.1.7.1 updated - libglib-2_0-0-2.62.6-150200.3.15.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libldb2-2.4.4-150300.3.23.1 updated - libmount1-2.36.2-150300.4.35.1 updated - libncurses6-6.1-150000.5.15.1 updated - libopenssl1_1-1.1.1d-150200.11.65.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - libpython3_6m1_0-3.6.15-150300.10.45.1 updated - librelp0-1.11.0-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.35.1 updated - libsolv-tools-0.7.24-150200.18.1 updated - libstdc++6-12.2.1+git416-150000.1.7.1 updated - libuuid1-2.36.2-150300.4.35.1 updated - libxml2-2-2.9.7-150000.3.57.1 updated - libz1-1.2.11-150000.3.45.1 updated - libzstd1-1.4.4-150000.1.9.1 updated - libzypp-17.31.13-150200.66.1 updated - login_defs-4.8.1-150300.4.6.1 updated - mokutil-0.4.0-150200.4.6.1 added - ncurses-utils-6.1-150000.5.15.1 updated - nfs-client-2.1.1-150100.10.32.1 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-common-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - openssl-1_1-1.1.1d-150200.11.65.1 updated - openssl-1.1.1d-1.46 added - procps-3.3.15-150000.7.31.1 updated - python3-base-3.6.15-150300.10.45.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-3.6.15-150300.10.45.1 updated - rsyslog-module-relp-8.2106.0-150200.4.35.1 added - runc-1.1.5-150000.43.1 updated - samba-client-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 updated - shadow-4.8.1-150300.4.6.1 updated - shim-15.7-150300.4.16.1 updated - sudo-1.9.5p2-150300.3.24.1 updated - supportutils-plugin-suse-public-cloud-1.0.7-150000.3.14.1 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - terminfo-base-6.1-150000.5.15.1 updated - terminfo-6.1-150000.5.15.1 updated - timezone-2023c-150000.75.23.1 updated - util-linux-systemd-2.36.2-150300.4.35.1 updated - util-linux-2.36.2-150300.4.35.1 updated - vim-data-common-9.0.1443-150000.5.43.1 updated - vim-9.0.1443-150000.5.43.1 updated - xen-libs-4.14.5_12-150300.3.48.1 updated - xxd-9.0.1443-150000.5.43.1 added - zypper-1.14.60-150200.51.1 updated From sle-updates at lists.suse.com Thu Jun 15 07:03:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:03:35 +0200 (CEST) Subject: SUSE-CU-2023:1899-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230615070335.901C8F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1899-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.148 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.148 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150400.3.30.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Thu Jun 15 07:03:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:03:56 +0200 (CEST) Subject: SUSE-CU-2023:1900-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230615070356.90108F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1900-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.45 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.45 Severity : important Type : recommended References : 1211661 1212187 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] The following package changes have been done: - libzypp-17.31.13-150400.3.30.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Thu Jun 15 07:14:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:14:40 +0200 (CEST) Subject: SUSE-CU-2023:1921-1: Security update of bci/rust Message-ID: <20230615071440.17817F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1921-1 Container Tags : bci/rust:1.68 , bci/rust:1.68-4.3 Container Release : 4.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Thu Jun 15 07:15:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:15:26 +0200 (CEST) Subject: SUSE-CU-2023:1943-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230615071526.E2D97F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1943-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.409 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.409 Severity : important Type : security References : 1207712 1210081 1211661 1211795 1212187 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2498-1 Released: Tue Jun 13 16:56:33 2023 Summary: Recommended update for gdb Type: recommended Severity: moderate References: 1207712,1210081 This update for gdb fixes the following issues: - Fix license, again (bsc#1210081). - Patches dropped (bsc#1207712): * gdb-container-rh-pkg.patch - Patches added (bsc#1207712): * gdb-testsuite-add-gdb.suse-debranding.exp.patch The following package changes have been done: - gdb-12.1-150100.8.36.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libzypp-17.31.13-150200.66.1 updated - container:sles15-image-15.0.0-17.20.147 updated From sle-updates at lists.suse.com Thu Jun 15 07:15:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 09:15:50 +0200 (CEST) Subject: SUSE-CU-2023:1944-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230615071550.E834FF3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1944-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.231 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.231 Severity : important Type : security References : 1207712 1210081 1211661 1211795 1212187 CVE-2023-2953 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2497-1 Released: Tue Jun 13 15:37:25 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2498-1 Released: Tue Jun 13 16:56:33 2023 Summary: Recommended update for gdb Type: recommended Severity: moderate References: 1207712,1210081 This update for gdb fixes the following issues: - Fix license, again (bsc#1210081). - Patches dropped (bsc#1207712): * gdb-container-rh-pkg.patch - Patches added (bsc#1207712): * gdb-testsuite-add-gdb.suse-debranding.exp.patch The following package changes have been done: - gdb-12.1-150100.8.36.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libldap-data-2.4.46-150200.14.14.1 updated - libzypp-17.31.13-150200.66.1 updated - container:sles15-image-15.0.0-17.20.147 updated From sle-updates at lists.suse.com Thu Jun 15 08:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 08:30:03 -0000 Subject: SUSE-RU-2023:2519-1: moderate: Recommended update for supportutils Message-ID: <168681780332.27616.13780351318363233731@smelt2.suse.de> # Recommended update for supportutils Announcement ID: SUSE-RU-2023:2519-1 Rating: moderate References: * #1203818 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for supportutils fixes the following issues: * Added missed sanitation check on crash.txt (bsc#1203818) * Added check to _sanitize_file * Using variable for replement text in _sanitize_file ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2519=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2519=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2519=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2519=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2519=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2519=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2519=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2519=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2519=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2519=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2519=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2519=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2519=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * openSUSE Leap 15.4 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * openSUSE Leap 15.5 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * Basesystem Module 15-SP4 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * Basesystem Module 15-SP5 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * supportutils-3.1.21-150300.7.35.18.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * supportutils-3.1.21-150300.7.35.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203818 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 08:30:05 -0000 Subject: SUSE-SU-2023:2518-1: important: Security update for frr Message-ID: <168681780517.27616.15083774208445419551@smelt2.suse.de> # Security update for frr Announcement ID: SUSE-SU-2023:2518-1 Rating: important References: * #1211248 * #1211249 Cross-References: * CVE-2023-31489 * CVE-2023-31490 CVSS scores: * CVE-2023-31489 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-31489 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-31490 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31490 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for frr fixes the following issues: * CVE-2023-31489: Fixed a remote denial of service via a malformed BGP packet (bsc#1211248). * CVE-2023-31490: Fixed a remote denial of service via a malformed BGP packet (bsc#1211249). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2518=1 openSUSE-SLE-15.5-2023-2518=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2518=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libfrr0-8.4-150500.4.3.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.3.1 * libfrrcares0-debuginfo-8.4-150500.4.3.1 * libfrrzmq0-8.4-150500.4.3.1 * libmlag_pb0-debuginfo-8.4-150500.4.3.1 * frr-devel-8.4-150500.4.3.1 * libfrr_pb0-debuginfo-8.4-150500.4.3.1 * libfrrcares0-8.4-150500.4.3.1 * libmlag_pb0-8.4-150500.4.3.1 * frr-debuginfo-8.4-150500.4.3.1 * libfrrzmq0-debuginfo-8.4-150500.4.3.1 * libfrr0-debuginfo-8.4-150500.4.3.1 * libfrrsnmp0-8.4-150500.4.3.1 * libfrrsnmp0-debuginfo-8.4-150500.4.3.1 * libfrrospfapiclient0-8.4-150500.4.3.1 * frr-8.4-150500.4.3.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.3.1 * libfrrfpm_pb0-8.4-150500.4.3.1 * frr-debugsource-8.4-150500.4.3.1 * libfrr_pb0-8.4-150500.4.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libfrr0-8.4-150500.4.3.1 * libfrrfpm_pb0-debuginfo-8.4-150500.4.3.1 * libfrrcares0-debuginfo-8.4-150500.4.3.1 * libfrrzmq0-8.4-150500.4.3.1 * libmlag_pb0-debuginfo-8.4-150500.4.3.1 * frr-devel-8.4-150500.4.3.1 * libfrr_pb0-debuginfo-8.4-150500.4.3.1 * libfrrcares0-8.4-150500.4.3.1 * libmlag_pb0-8.4-150500.4.3.1 * frr-debuginfo-8.4-150500.4.3.1 * libfrrzmq0-debuginfo-8.4-150500.4.3.1 * libfrr0-debuginfo-8.4-150500.4.3.1 * libfrrsnmp0-8.4-150500.4.3.1 * libfrrsnmp0-debuginfo-8.4-150500.4.3.1 * libfrrospfapiclient0-8.4-150500.4.3.1 * frr-8.4-150500.4.3.1 * libfrrospfapiclient0-debuginfo-8.4-150500.4.3.1 * libfrrfpm_pb0-8.4-150500.4.3.1 * frr-debugsource-8.4-150500.4.3.1 * libfrr_pb0-8.4-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31489.html * https://www.suse.com/security/cve/CVE-2023-31490.html * https://bugzilla.suse.com/show_bug.cgi?id=1211248 * https://bugzilla.suse.com/show_bug.cgi?id=1211249 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 08:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 08:30:07 -0000 Subject: SUSE-SU-2023:2517-1: moderate: Security update for python3 Message-ID: <168681780743.27616.2240712116138467669@smelt2.suse.de> # Security update for python3 Announcement ID: SUSE-SU-2023:2517-1 Rating: moderate References: * #1203750 * #1211158 Cross-References: * CVE-2007-4559 CVSS scores: * CVE-2007-4559 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python3 fixes the following issues: * CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). * Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2517=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2517=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2517=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2517=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2517=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2517=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2517=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2517=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2517=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2517=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2517=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2517=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2517=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2517=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-curses-debuginfo-3.6.15-150300.10.48.1 * python3-devel-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * python3-tools-3.6.15-150300.10.48.1 * python3-doc-3.6.15-150300.10.48.1 * python3-tk-debuginfo-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-doc-devhelp-3.6.15-150300.10.48.1 * python3-dbm-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-testsuite-debuginfo-3.6.15-150300.10.48.1 * python3-curses-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-base-3.6.15-150300.10.48.1 * python3-devel-debuginfo-3.6.15-150300.10.48.1 * python3-idle-3.6.15-150300.10.48.1 * python3-testsuite-3.6.15-150300.10.48.1 * python3-tk-3.6.15-150300.10.48.1 * python3-dbm-debuginfo-3.6.15-150300.10.48.1 * openSUSE Leap 15.4 (x86_64) * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-32bit-3.6.15-150300.10.48.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-curses-debuginfo-3.6.15-150300.10.48.1 * python3-devel-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * python3-tools-3.6.15-150300.10.48.1 * python3-doc-3.6.15-150300.10.48.1 * python3-tk-debuginfo-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-doc-devhelp-3.6.15-150300.10.48.1 * python3-dbm-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-testsuite-debuginfo-3.6.15-150300.10.48.1 * python3-curses-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-base-3.6.15-150300.10.48.1 * python3-devel-debuginfo-3.6.15-150300.10.48.1 * python3-idle-3.6.15-150300.10.48.1 * python3-testsuite-3.6.15-150300.10.48.1 * python3-tk-3.6.15-150300.10.48.1 * python3-dbm-debuginfo-3.6.15-150300.10.48.1 * openSUSE Leap 15.5 (x86_64) * libpython3_6m1_0-32bit-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-32bit-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-curses-debuginfo-3.6.15-150300.10.48.1 * python3-devel-debuginfo-3.6.15-150300.10.48.1 * python3-tk-debuginfo-3.6.15-150300.10.48.1 * python3-idle-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-tk-3.6.15-150300.10.48.1 * python3-devel-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-curses-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-dbm-3.6.15-150300.10.48.1 * python3-dbm-debuginfo-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-curses-debuginfo-3.6.15-150300.10.48.1 * python3-devel-debuginfo-3.6.15-150300.10.48.1 * python3-tk-debuginfo-3.6.15-150300.10.48.1 * python3-idle-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-tk-3.6.15-150300.10.48.1 * python3-devel-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-curses-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-dbm-3.6.15-150300.10.48.1 * python3-dbm-debuginfo-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-tools-3.6.15-150300.10.48.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-tools-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-curses-debuginfo-3.6.15-150300.10.48.1 * python3-devel-debuginfo-3.6.15-150300.10.48.1 * python3-tk-debuginfo-3.6.15-150300.10.48.1 * python3-idle-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-tk-3.6.15-150300.10.48.1 * python3-devel-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-curses-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-tools-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-dbm-3.6.15-150300.10.48.1 * python3-dbm-debuginfo-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-base-3.6.15-150300.10.48.1 * libpython3_6m1_0-debuginfo-3.6.15-150300.10.48.1 * python3-debugsource-3.6.15-150300.10.48.1 * python3-core-debugsource-3.6.15-150300.10.48.1 * python3-debuginfo-3.6.15-150300.10.48.1 * python3-base-debuginfo-3.6.15-150300.10.48.1 * libpython3_6m1_0-3.6.15-150300.10.48.1 * python3-3.6.15-150300.10.48.1 ## References: * https://www.suse.com/security/cve/CVE-2007-4559.html * https://bugzilla.suse.com/show_bug.cgi?id=1203750 * https://bugzilla.suse.com/show_bug.cgi?id=1211158 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 08:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 08:30:09 -0000 Subject: SUSE-SU-2023:2516-1: moderate: Security update for opensc Message-ID: <168681780933.27616.14735611833321401614@smelt2.suse.de> # Security update for opensc Announcement ID: SUSE-SU-2023:2516-1 Rating: moderate References: * #1211894 Cross-References: * CVE-2023-2977 CVSS scores: * CVE-2023-2977 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2977 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for opensc fixes the following issues: * CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2516=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2516=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2516=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2516=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2516=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2516=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2516=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2516=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2516=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * openSUSE Leap 15.4 (x86_64) * opensc-32bit-0.22.0-150400.3.3.1 * opensc-32bit-debuginfo-0.22.0-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * openSUSE Leap 15.5 (x86_64) * opensc-32bit-0.22.0-150400.3.3.1 * opensc-32bit-debuginfo-0.22.0-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * opensc-debugsource-0.22.0-150400.3.3.1 * opensc-0.22.0-150400.3.3.1 * opensc-debuginfo-0.22.0-150400.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2977.html * https://bugzilla.suse.com/show_bug.cgi?id=1211894 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 08:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 08:30:11 -0000 Subject: SUSE-SU-2023:2515-1: moderate: Security update for rekor Message-ID: <168681781151.27616.9489286920375966225@smelt2.suse.de> # Security update for rekor Announcement ID: SUSE-SU-2023:2515-1 Rating: moderate References: * #1211790 Cross-References: * CVE-2023-33199 CVSS scores: * CVE-2023-33199 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-33199 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and contains one feature can now be installed. ## Description: This update for rekor fixes the following issues: * updated to rekor 1.2.1 (jsc#SLE-23476): * CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2515=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2515=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2515=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2515=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.12.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.12.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.12.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33199.html * https://bugzilla.suse.com/show_bug.cgi?id=1211790 * https://jira.suse.com/browse/SLE-23476 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 15 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 15 Jun 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2521-1: moderate: Recommended update for libpulp-load-default Message-ID: <168684660348.1019.4184227035759361626@smelt2.suse.de> # Recommended update for libpulp-load-default Announcement ID: SUSE-RU-2023:2521-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that contains three features can now be installed. ## Description: This update for libpulp-load-default fixes the following issues: Installing this package enables live patching all processes by preloading libpulp into all processes (jsc#PED-3867, jsc#PED-2877, jsc#PED-3790). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2521=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (noarch) * libpulp-load-default-0.1-150400.9.5.1 ## References: * https://jira.suse.com/browse/PED-2877 * https://jira.suse.com/browse/PED-3790 * https://jira.suse.com/browse/PED-3867 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 07:02:55 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:02:55 +0200 (CEST) Subject: SUSE-CU-2023:1945-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230616070255.27B07F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1945-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.150 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.150 Severity : moderate Type : security References : 1203750 1203818 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated From sle-updates at lists.suse.com Fri Jun 16 07:04:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:04:24 +0200 (CEST) Subject: SUSE-CU-2023:1946-1: Security update of suse/389-ds Message-ID: <20230616070424.D7923F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1946-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-22.5 , suse/389-ds:latest Container Release : 22.5 Severity : moderate Type : security References : 1203750 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). The following package changes have been done: - python3-base-3.6.15-150300.10.48.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated From sle-updates at lists.suse.com Fri Jun 16 07:04:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:04:59 +0200 (CEST) Subject: SUSE-CU-2023:1947-1: Security update of bci/golang Message-ID: <20230616070459.E6CBAF3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1947-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-23.4 Container Release : 23.4 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Fri Jun 16 07:05:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:05:05 +0200 (CEST) Subject: SUSE-CU-2023:1948-1: Security update of suse/postgres Message-ID: <20230616070505.A3B60F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1948-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.3 , suse/postgres:14.8 , suse/postgres:14.8-22.3 Container Release : 22.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Fri Jun 16 07:05:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:05:09 +0200 (CEST) Subject: SUSE-CU-2023:1949-1: Security update of suse/postgres Message-ID: <20230616070509.87D01F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1949-1 Container Tags : suse/postgres:15 , suse/postgres:15-6.3 , suse/postgres:15.3 , suse/postgres:15.3-6.3 , suse/postgres:latest Container Release : 6.3 Severity : moderate Type : security References : 1211795 CVE-2023-2953 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - container:sles15-image-15.0.0-27.14.68 updated From sle-updates at lists.suse.com Fri Jun 16 07:05:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:05:57 +0200 (CEST) Subject: SUSE-CU-2023:1950-1: Security update of bci/python Message-ID: <20230616070557.715C7F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1950-1 Container Tags : bci/python:3 , bci/python:3-36.4 , bci/python:3.6 , bci/python:3.6-36.4 Container Release : 36.4 Severity : moderate Type : security References : 1203750 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-3.6.15-150300.10.48.1 updated - python3-devel-3.6.15-150300.10.48.1 updated From sle-updates at lists.suse.com Fri Jun 16 07:06:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:06:01 +0200 (CEST) Subject: SUSE-CU-2023:1952-1: Security update of bci/python Message-ID: <20230616070601.ECDD1F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1952-1 Container Tags : bci/python:3 , bci/python:3-8.2 , bci/python:3.6 , bci/python:3.6-8.2 Container Release : 8.2 Severity : moderate Type : security References : 1203750 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-3.6.15-150300.10.48.1 updated - python3-devel-3.6.15-150300.10.48.1 updated From sle-updates at lists.suse.com Fri Jun 16 07:06:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:06:31 +0200 (CEST) Subject: SUSE-CU-2023:1953-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230616070631.F05CDF3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1953-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.411 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.411 Severity : moderate Type : security References : 1203750 1203818 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated From sle-updates at lists.suse.com Fri Jun 16 07:07:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 09:07:59 +0200 (CEST) Subject: SUSE-CU-2023:1955-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230616070759.F12EEF3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1955-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.233 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.233 Severity : moderate Type : security References : 1203750 1203818 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated From sle-updates at lists.suse.com Fri Jun 16 08:38:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 08:38:24 -0000 Subject: SUSE-SU-2023:2326-2: important: Security update for amazon-ssm-agent Message-ID: <168690470430.3705.7113117337621077876@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:2326-2 Rating: important References: * #1200441 Affected Products: * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2326=1 ## Package List: * Public Cloud Module 15-SP5 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 12:30:04 -0000 Subject: SUSE-FU-2023:2523-1: moderate: Feature update for lifecycle-data-sle-module-development-tools Message-ID: <168691860402.29744.1076744309995322660@smelt2.suse.de> # Feature update for lifecycle-data-sle-module-development-tools Announcement ID: SUSE-FU-2023:2523-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains six features can now be installed. ## Description: This update for lifecycle-data-sle-module-development-tools fixes the following issues: * Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-25046, jsc#SLE-25045, jsc#SLE-25044, jsc#PED-2030, jsc#PED-2033, jsc#PED-2035) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2523=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2523=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2523=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2523=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2523=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2523=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2523=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2523=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2523=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2523=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2523=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2523=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Enterprise Storage 7.1 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Enterprise Storage 7 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * Development Tools Module 15-SP4 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * lifecycle-data-sle-module-development-tools-1-150200.3.16.1 ## References: * https://jira.suse.com/browse/PED-2030 * https://jira.suse.com/browse/PED-2033 * https://jira.suse.com/browse/PED-2035 * https://jira.suse.com/browse/SLE-25044 * https://jira.suse.com/browse/SLE-25045 * https://jira.suse.com/browse/SLE-25046 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 12:30:05 -0000 Subject: SUSE-FU-2023:2522-1: moderate: Feature update for lifecycle-data-sle-module-toolchain Message-ID: <168691860587.29744.12633506111667164370@smelt2.suse.de> # Feature update for lifecycle-data-sle-module-toolchain Announcement ID: SUSE-FU-2023:2522-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Toolchain Module 12 An update that contains three features can now be installed. ## Description: This update for lifecycle-data-sle-module-toolchain fixes the following issues: * Added expiration data for GCC 11 yearly update for the Toolchain/Development modules (jsc#SLE-21581, jsc#SLE-21561, jsc#PM-2767) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-2522=1 ## Package List: * Toolchain Module 12 (noarch) * lifecycle-data-sle-module-toolchain-1-3.24.1 ## References: * https://jira.suse.com/browse/PM-2767 * https://jira.suse.com/browse/SLE-21561 * https://jira.suse.com/browse/SLE-21581 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2526-1: moderate: Security update for go1.20 Message-ID: <168693300485.25957.2982648441374459431@smelt2.suse.de> # Security update for go1.20 Announcement ID: SUSE-SU-2023:2526-1 Rating: moderate References: * #1206346 * #1212073 * #1212074 * #1212075 * #1212076 Cross-References: * CVE-2023-29402 * CVE-2023-29403 * CVE-2023-29404 * CVE-2023-29405 CVSS scores: * CVE-2023-29402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-29403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29404 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-29405 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for go1.20 fixes the following issues: Update to go1.20.5 (bsc#1206346): * CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). * CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). * CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). * CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2526=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2526=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2526=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2526=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2526=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.20-debuginfo-1.20.5-150000.1.14.1 * go1.20-race-1.20.5-150000.1.14.1 * go1.20-1.20.5-150000.1.14.1 * go1.20-doc-1.20.5-150000.1.14.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.20-debuginfo-1.20.5-150000.1.14.1 * go1.20-race-1.20.5-150000.1.14.1 * go1.20-1.20.5-150000.1.14.1 * go1.20-doc-1.20.5-150000.1.14.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.20-1.20.5-150000.1.14.1 * go1.20-doc-1.20.5-150000.1.14.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.20-race-1.20.5-150000.1.14.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.20-debuginfo-1.20.5-150000.1.14.1 * go1.20-race-1.20.5-150000.1.14.1 * go1.20-1.20.5-150000.1.14.1 * go1.20-doc-1.20.5-150000.1.14.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.20-debuginfo-1.20.5-150000.1.14.1 * go1.20-race-1.20.5-150000.1.14.1 * go1.20-1.20.5-150000.1.14.1 * go1.20-doc-1.20.5-150000.1.14.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29402.html * https://www.suse.com/security/cve/CVE-2023-29403.html * https://www.suse.com/security/cve/CVE-2023-29404.html * https://www.suse.com/security/cve/CVE-2023-29405.html * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1212073 * https://bugzilla.suse.com/show_bug.cgi?id=1212074 * https://bugzilla.suse.com/show_bug.cgi?id=1212075 * https://bugzilla.suse.com/show_bug.cgi?id=1212076 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 16:30:07 -0000 Subject: SUSE-SU-2023:2525-1: moderate: Security update for go1.19 Message-ID: <168693300765.25957.5269590609526623864@smelt2.suse.de> # Security update for go1.19 Announcement ID: SUSE-SU-2023:2525-1 Rating: moderate References: * #1200441 * #1212073 * #1212074 * #1212075 * #1212076 Cross-References: * CVE-2023-29402 * CVE-2023-29403 * CVE-2023-29404 * CVE-2023-29405 CVSS scores: * CVE-2023-29402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-29403 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2023-29404 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-29405 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves four vulnerabilities and has one fix can now be installed. ## Description: This update for go1.19 fixes the following issues: Update to go1.19.10 (bsc#1200441): * CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). * CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). * CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). * CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2525=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2525=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2525=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2525=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2525=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.10-150000.1.34.1 * go1.19-doc-1.19.10-150000.1.34.1 * openSUSE Leap 15.4 (aarch64 x86_64) * go1.19-race-1.19.10-150000.1.34.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.10-150000.1.34.1 * go1.19-race-1.19.10-150000.1.34.1 * go1.19-doc-1.19.10-150000.1.34.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.10-150000.1.34.1 * go1.19-doc-1.19.10-150000.1.34.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * go1.19-race-1.19.10-150000.1.34.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.19-1.19.10-150000.1.34.1 * go1.19-race-1.19.10-150000.1.34.1 * go1.19-doc-1.19.10-150000.1.34.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * go1.19-1.19.10-150000.1.34.1 * go1.19-race-1.19.10-150000.1.34.1 * go1.19-doc-1.19.10-150000.1.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-29402.html * https://www.suse.com/security/cve/CVE-2023-29403.html * https://www.suse.com/security/cve/CVE-2023-29404.html * https://www.suse.com/security/cve/CVE-2023-29405.html * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1212073 * https://bugzilla.suse.com/show_bug.cgi?id=1212074 * https://bugzilla.suse.com/show_bug.cgi?id=1212075 * https://bugzilla.suse.com/show_bug.cgi?id=1212076 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 16:30:10 -0000 Subject: SUSE-RU-2023:2524-1: moderate: Recommended update for libpulp Message-ID: <168693301004.25957.1617916629336313372@smelt2.suse.de> # Recommended update for libpulp Announcement ID: SUSE-RU-2023:2524-1 Rating: moderate References: * #1210224 Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that contains one feature and has one recommended fix can now be installed. ## Description: This update for libpulp fixes the following issues: Update package with libpulp-0.2.10: * Fix typo which makes write_bytes fallback to ptrace mode when vm_writev is available. * Detect when mprotect is blocked by seccomp (process launched by systemd, for example) and disable livepatching in the process (bsc#1210224, jsc#PED-2877). Update package with libpulp-0.2.9: * Add mechanism to enable or disable livepatching based or environment variables and in the new command `ulp set_patchable` (jsc#PED-2877). * Change `patch already applied` message from error to skipped. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2524=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2524=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libpulp-tools-debuginfo-0.2.10-150400.3.15.1 * libpulp0-debuginfo-0.2.10-150400.3.15.1 * libpulp-debuginfo-0.2.10-150400.3.15.1 * libpulp0-0.2.10-150400.3.15.1 * libpulp-tools-0.2.10-150400.3.15.1 * libpulp-debugsource-0.2.10-150400.3.15.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * libpulp-tools-debuginfo-0.2.10-150400.3.15.1 * libpulp0-debuginfo-0.2.10-150400.3.15.1 * libpulp-debuginfo-0.2.10-150400.3.15.1 * libpulp0-0.2.10-150400.3.15.1 * libpulp-tools-0.2.10-150400.3.15.1 * libpulp-debugsource-0.2.10-150400.3.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210224 * https://jira.suse.com/browse/PED-2877 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 20:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 20:30:03 -0000 Subject: SUSE-SU-2023:2530-1: moderate: Security update for open-vm-tools Message-ID: <168694740391.15059.3321475130439088685@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:2530-1 Rating: moderate References: * #1210695 * #1212143 Cross-References: * CVE-2023-20867 CVSS scores: * CVE-2023-20867 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20867 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: * Fixed build problem with grpc 1.54 (bsc#1210695). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2530=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2530=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2530=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.53.1 * open-vm-tools-debuginfo-12.2.0-4.53.1 * open-vm-tools-12.2.0-4.53.1 * open-vm-tools-salt-minion-12.2.0-4.53.1 * libvmtools0-debuginfo-12.2.0-4.53.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.53.1 * open-vm-tools-sdmp-12.2.0-4.53.1 * open-vm-tools-debugsource-12.2.0-4.53.1 * open-vm-tools-desktop-12.2.0-4.53.1 * libvmtools0-12.2.0-4.53.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.53.1 * open-vm-tools-debuginfo-12.2.0-4.53.1 * open-vm-tools-12.2.0-4.53.1 * open-vm-tools-salt-minion-12.2.0-4.53.1 * libvmtools0-debuginfo-12.2.0-4.53.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.53.1 * open-vm-tools-sdmp-12.2.0-4.53.1 * open-vm-tools-debugsource-12.2.0-4.53.1 * open-vm-tools-desktop-12.2.0-4.53.1 * libvmtools0-12.2.0-4.53.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * open-vm-tools-sdmp-debuginfo-12.2.0-4.53.1 * open-vm-tools-debuginfo-12.2.0-4.53.1 * open-vm-tools-12.2.0-4.53.1 * open-vm-tools-salt-minion-12.2.0-4.53.1 * libvmtools0-debuginfo-12.2.0-4.53.1 * open-vm-tools-desktop-debuginfo-12.2.0-4.53.1 * open-vm-tools-sdmp-12.2.0-4.53.1 * open-vm-tools-debugsource-12.2.0-4.53.1 * open-vm-tools-desktop-12.2.0-4.53.1 * libvmtools0-12.2.0-4.53.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20867.html * https://bugzilla.suse.com/show_bug.cgi?id=1210695 * https://bugzilla.suse.com/show_bug.cgi?id=1212143 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 20:30:06 -0000 Subject: SUSE-OU-2023:2529-1: moderate: Optional update for go1.19-openssl Message-ID: <168694740624.15059.17980228536223842976@smelt2.suse.de> # Optional update for go1.19-openssl Announcement ID: SUSE-OU-2023:2529-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that contains two features can now be installed. ## Description: This update for go1.19-openssl fixes the following issues: This update delivers a go1.19 1.19.10.1 package built with its cryptography using the system openssl library. (jsc#SLE-18320 jsc#PED-1962) This allows GO binaries built with go1.19-openssl to be operating in FIPS 140-2/3 mode. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2529=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2529=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2529=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2529=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.19-openssl-doc-1.19.10.1-150000.1.5.1 * go1.19-openssl-1.19.10.1-150000.1.5.1 * go1.19-openssl-race-1.19.10.1-150000.1.5.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * go1.19-openssl-doc-1.19.10.1-150000.1.5.1 * go1.19-openssl-1.19.10.1-150000.1.5.1 * go1.19-openssl-race-1.19.10.1-150000.1.5.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.19-openssl-doc-1.19.10.1-150000.1.5.1 * go1.19-openssl-1.19.10.1-150000.1.5.1 * go1.19-openssl-race-1.19.10.1-150000.1.5.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * go1.19-openssl-doc-1.19.10.1-150000.1.5.1 * go1.19-openssl-1.19.10.1-150000.1.5.1 * go1.19-openssl-race-1.19.10.1-150000.1.5.1 ## References: * https://jira.suse.com/browse/PED-1962 * https://jira.suse.com/browse/SLE-18320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 20:30:08 -0000 Subject: SUSE-RU-2023:2528-1: moderate: Recommended update for powerpc-utils Message-ID: <168694740824.15059.10358392708400608692@smelt2.suse.de> # Recommended update for powerpc-utils Announcement ID: SUSE-RU-2023:2528-1 Rating: moderate References: * #1211883 * #1212031 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has two recommended fixes can now be installed. ## Description: This update for powerpc-utils fixes the following issues: * Fix negative utilization value reported by lparstat -E (bsc#1212031) * Fix lparstat error with mixed SMT state (bsc#1211883 ltc#02144) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2528=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2528=1 ## Package List: * openSUSE Leap 15.4 (ppc64le) * powerpc-utils-1.3.10-150400.19.12.1 * powerpc-utils-debuginfo-1.3.10-150400.19.12.1 * powerpc-utils-debugsource-1.3.10-150400.19.12.1 * Basesystem Module 15-SP4 (ppc64le) * powerpc-utils-1.3.10-150400.19.12.1 * powerpc-utils-debuginfo-1.3.10-150400.19.12.1 * powerpc-utils-debugsource-1.3.10-150400.19.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211883 * https://bugzilla.suse.com/show_bug.cgi?id=1212031 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 16 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 16 Jun 2023 20:30:09 -0000 Subject: SUSE-RU-2023:2527-1: moderate: Recommended update for NetworkManager Message-ID: <168694740964.15059.15996369385006577674@smelt2.suse.de> # Recommended update for NetworkManager Announcement ID: SUSE-RU-2023:2527-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that can now be installed. ## Description: This update for NetworkManager fixes the following issues: * Create /etc/NetworkManager/conf.d by default, allowing easy override for NetworkManager.conf file with drop-in * Move default config file to /usr/lib/NetworkManager/NetworkManager.conf, as part of main package * Ensure /usr/lib/NetworkManager/conf.d is part of the package ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2527=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2527=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * NetworkManager-debugsource-1.38.2-150400.3.3.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.3.1 * libnm0-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-pppoe-1.38.2-150400.3.3.1 * NetworkManager-cloud-setup-1.38.2-150400.3.3.1 * NetworkManager-1.38.2-150400.3.3.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-wwan-1.38.2-150400.3.3.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.3.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.3.1 * libnm0-1.38.2-150400.3.3.1 * NetworkManager-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-tui-1.38.2-150400.3.3.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-bluetooth-1.38.2-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * NetworkManager-debugsource-1.38.2-150400.3.3.1 * NetworkManager-bluetooth-debuginfo-1.38.2-150400.3.3.1 * libnm0-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-pppoe-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-pppoe-1.38.2-150400.3.3.1 * NetworkManager-cloud-setup-1.38.2-150400.3.3.1 * NetworkManager-1.38.2-150400.3.3.1 * NetworkManager-tui-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-wwan-1.38.2-150400.3.3.1 * typelib-1_0-NM-1_0-1.38.2-150400.3.3.1 * NetworkManager-wwan-debuginfo-1.38.2-150400.3.3.1 * libnm0-1.38.2-150400.3.3.1 * NetworkManager-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-tui-1.38.2-150400.3.3.1 * NetworkManager-cloud-setup-debuginfo-1.38.2-150400.3.3.1 * NetworkManager-bluetooth-1.38.2-150400.3.3.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Jun 17 07:06:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 17 Jun 2023 09:06:37 +0200 (CEST) Subject: SUSE-CU-2023:1963-1: Security update of bci/golang Message-ID: <20230617070637.3E9E3F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1963-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-3.5 , bci/golang:latest Container Release : 3.5 Severity : moderate Type : security References : 1206346 1212073 1212074 1212075 1212076 CVE-2023-29402 CVE-2023-29403 CVE-2023-29404 CVE-2023-29405 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2526-1 Released: Fri Jun 16 17:33:35 2023 Summary: Security update for go1.20 Type: security Severity: moderate References: 1206346,1212073,1212074,1212075,1212076,CVE-2023-29402,CVE-2023-29403,CVE-2023-29404,CVE-2023-29405 This update for go1.20 fixes the following issues: Update to go1.20.5 (bsc#1206346): - CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073). - CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074). - CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075). - CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076). The following package changes have been done: - go1.20-1.20.5-150000.1.14.1 updated From sle-updates at lists.suse.com Mon Jun 19 08:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:08 -0000 Subject: SUSE-SU-2023:2537-1: important: Security update for the Linux Kernel Message-ID: <168716340832.21255.2194413211354588678@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2537-1 Rating: important References: * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1209287 * #1210629 * #1210715 * #1210783 * #1210940 * #1211105 * #1211186 * #1211260 * #1211592 Cross-References: * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1380 * CVE-2023-2176 * CVE-2023-2194 * CVE-2023-2513 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32269 CVSS scores: * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves 13 vulnerabilities and has three fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-1380: A slab-out-of-bound read problem was fixed in brcmf_get_assoc_ies(), that could lead to a denial of service (bsc#1209287). * CVE-2023-2513: A use-after-free vulnerability was fixed in the ext4 filesystem, related to the way it handled the extra inode size for extended attributes (bsc#1211105). * CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out- of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). The following non-security bugs were fixed: * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2537=1 SUSE-SLE- HA-12-SP4-2023-2537=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2537=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2537=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2537=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2537=1 * SUSE Linux Enterprise High Availability Extension 12 SP4 zypper in -t patch SUSE-SLE-HA-12-SP4-2023-2537=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2537=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (nosrc ppc64le x86_64) * kernel-default-4.12.14-95.128.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * cluster-md-kmp-default-4.12.14-95.128.1 * gfs2-kmp-default-debuginfo-4.12.14-95.128.1 * kernel-default-base-4.12.14-95.128.1 * cluster-md-kmp-default-debuginfo-4.12.14-95.128.1 * kernel-default-devel-4.12.14-95.128.1 * dlm-kmp-default-4.12.14-95.128.1 * dlm-kmp-default-debuginfo-4.12.14-95.128.1 * ocfs2-kmp-default-debuginfo-4.12.14-95.128.1 * gfs2-kmp-default-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * kernel-default-base-debuginfo-4.12.14-95.128.1 * kernel-syms-4.12.14-95.128.1 * ocfs2-kmp-default-4.12.14-95.128.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * kernel-source-4.12.14-95.128.1 * kernel-macros-4.12.14-95.128.1 * kernel-devel-4.12.14-95.128.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 nosrc x86_64) * kernel-default-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * kernel-default-base-4.12.14-95.128.1 * kernel-default-devel-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * kernel-default-base-debuginfo-4.12.14-95.128.1 * kernel-syms-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * kernel-source-4.12.14-95.128.1 * kernel-macros-4.12.14-95.128.1 * kernel-devel-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * kernel-default-base-4.12.14-95.128.1 * kernel-default-devel-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * kernel-default-base-debuginfo-4.12.14-95.128.1 * kernel-syms-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * kernel-source-4.12.14-95.128.1 * kernel-macros-4.12.14-95.128.1 * kernel-devel-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x) * kernel-default-man-4.12.14-95.128.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * kernel-default-devel-debuginfo-4.12.14-95.128.1 * SUSE OpenStack Cloud 9 (nosrc x86_64) * kernel-default-4.12.14-95.128.1 * SUSE OpenStack Cloud 9 (x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * kernel-default-base-4.12.14-95.128.1 * kernel-default-devel-4.12.14-95.128.1 * kernel-default-devel-debuginfo-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * kernel-default-base-debuginfo-4.12.14-95.128.1 * kernel-syms-4.12.14-95.128.1 * SUSE OpenStack Cloud 9 (noarch) * kernel-source-4.12.14-95.128.1 * kernel-macros-4.12.14-95.128.1 * kernel-devel-4.12.14-95.128.1 * SUSE OpenStack Cloud Crowbar 9 (nosrc x86_64) * kernel-default-4.12.14-95.128.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * kernel-default-base-4.12.14-95.128.1 * kernel-default-devel-4.12.14-95.128.1 * kernel-default-devel-debuginfo-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * kernel-default-base-debuginfo-4.12.14-95.128.1 * kernel-syms-4.12.14-95.128.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * kernel-source-4.12.14-95.128.1 * kernel-macros-4.12.14-95.128.1 * kernel-devel-4.12.14-95.128.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (ppc64le s390x x86_64) * kernel-default-debuginfo-4.12.14-95.128.1 * cluster-md-kmp-default-4.12.14-95.128.1 * gfs2-kmp-default-debuginfo-4.12.14-95.128.1 * cluster-md-kmp-default-debuginfo-4.12.14-95.128.1 * dlm-kmp-default-4.12.14-95.128.1 * ocfs2-kmp-default-debuginfo-4.12.14-95.128.1 * gfs2-kmp-default-4.12.14-95.128.1 * kernel-default-debugsource-4.12.14-95.128.1 * dlm-kmp-default-debuginfo-4.12.14-95.128.1 * ocfs2-kmp-default-4.12.14-95.128.1 * SUSE Linux Enterprise High Availability Extension 12 SP4 (nosrc) * kernel-default-4.12.14-95.128.1 * SUSE Linux Enterprise Live Patching 12-SP4 (nosrc) * kernel-default-4.12.14-95.128.1 * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kernel-default-kgraft-devel-4.12.14-95.128.1 * kgraft-patch-4_12_14-95_128-default-1-6.3.1 * kernel-default-kgraft-4.12.14-95.128.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211260 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:18 -0000 Subject: SUSE-SU-2023:2534-1: important: Security update for the Linux Kernel Message-ID: <168716341826.21255.10729669305211575163@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2534-1 Rating: important References: * #1172073 * #1191731 * #1199046 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1208600 * #1209287 * #1209366 * #1210629 * #1210715 * #1210783 * #1210791 * #1210940 * #1211037 * #1211089 * #1211105 * #1211186 * #1211519 * #1211592 * #1211622 * #1211796 Cross-References: * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1077 * CVE-2023-1380 * CVE-2023-2176 * CVE-2023-2194 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-28466 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32269 CVSS scores: * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Availability Extension 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that solves 16 vulnerabilities and has 10 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * google/gve:fix repeated words in comments (bsc#1211519). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (bsc#1211519). * gve: Fix GFP flags when allocing pages (bsc#1211519). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (bsc#1211519). * gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). * gve: enhance no queue page list detection (bsc#1211519). * hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * scsi: storvsc: Parameterize number hardware queues (bsc#1211622). * usrmerge: Compatibility with earlier rpm (boo#1211796) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2534=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2534=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2534=1 * SUSE Linux Enterprise High Availability Extension 15 SP1 zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-2534=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2534=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2534=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2534=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (nosrc) * kernel-kvmsmall-4.12.14-150100.197.148.1 * kernel-zfcpdump-4.12.14-150100.197.148.1 * kernel-default-4.12.14-150100.197.148.1 * kernel-debug-4.12.14-150100.197.148.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-base-4.12.14-150100.197.148.1 * kernel-debug-base-debuginfo-4.12.14-150100.197.148.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.148.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-debugsource-4.12.14-150100.197.148.1 * kernel-default-base-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-base-4.12.14-150100.197.148.1 * openSUSE Leap 15.4 (x86_64) * kernel-kvmsmall-base-4.12.14-150100.197.148.1 * kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.148.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.148.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-man-4.12.14-150100.197.148.1 * kernel-default-man-4.12.14-150100.197.148.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-vanilla-4.12.14-150100.197.148.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kernel-vanilla-devel-4.12.14-150100.197.148.1 * kernel-vanilla-base-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-livepatch-devel-4.12.14-150100.197.148.1 * kernel-vanilla-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-debugsource-4.12.14-150100.197.148.1 * kernel-vanilla-debuginfo-4.12.14-150100.197.148.1 * kernel-vanilla-base-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Live Patching 15-SP1 (nosrc) * kernel-default-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-default-livepatch-devel-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * kernel-livepatch-4_12_14-150100_197_148-default-1-150100.3.3.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * kernel-default-livepatch-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-4.12.14-150100.197.148.1 * dlm-kmp-default-debuginfo-4.12.14-150100.197.148.1 * cluster-md-kmp-default-4.12.14-150100.197.148.1 * gfs2-kmp-default-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * dlm-kmp-default-4.12.14-150100.197.148.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * gfs2-kmp-default-debuginfo-4.12.14-150100.197.148.1 * ocfs2-kmp-default-4.12.14-150100.197.148.1 * ocfs2-kmp-default-debuginfo-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Availability Extension 15 SP1 (nosrc) * kernel-default-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 nosrc x86_64) * kernel-default-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * kernel-default-base-4.12.14-150100.197.148.1 * kernel-obs-build-debugsource-4.12.14-150100.197.148.1 * kernel-obs-build-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * kernel-syms-4.12.14-150100.197.148.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * kernel-default-base-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.148.1 * kernel-source-4.12.14-150100.197.148.1 * kernel-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * kernel-default-base-4.12.14-150100.197.148.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1 * reiserfs-kmp-default-4.12.14-150100.197.148.1 * kernel-obs-build-debugsource-4.12.14-150100.197.148.1 * kernel-obs-build-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * kernel-syms-4.12.14-150100.197.148.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * kernel-default-base-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * kernel-macros-4.12.14-150100.197.148.1 * kernel-source-4.12.14-150100.197.148.1 * kernel-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (s390x) * kernel-zfcpdump-debugsource-4.12.14-150100.197.148.1 * kernel-default-man-4.12.14-150100.197.148.1 * kernel-zfcpdump-debuginfo-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (nosrc) * kernel-zfcpdump-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (nosrc ppc64le x86_64) * kernel-default-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * kernel-default-base-4.12.14-150100.197.148.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1 * reiserfs-kmp-default-4.12.14-150100.197.148.1 * kernel-obs-build-debugsource-4.12.14-150100.197.148.1 * kernel-obs-build-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * kernel-syms-4.12.14-150100.197.148.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * kernel-default-base-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * kernel-macros-4.12.14-150100.197.148.1 * kernel-source-4.12.14-150100.197.148.1 * kernel-devel-4.12.14-150100.197.148.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch nosrc) * kernel-docs-4.12.14-150100.197.148.1 * SUSE CaaS Platform 4.0 (nosrc x86_64) * kernel-default-4.12.14-150100.197.148.1 * SUSE CaaS Platform 4.0 (x86_64) * kernel-default-base-4.12.14-150100.197.148.1 * reiserfs-kmp-default-debuginfo-4.12.14-150100.197.148.1 * reiserfs-kmp-default-4.12.14-150100.197.148.1 * kernel-obs-build-debugsource-4.12.14-150100.197.148.1 * kernel-obs-build-4.12.14-150100.197.148.1 * kernel-default-debuginfo-4.12.14-150100.197.148.1 * kernel-syms-4.12.14-150100.197.148.1 * kernel-default-debugsource-4.12.14-150100.197.148.1 * kernel-default-base-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-debuginfo-4.12.14-150100.197.148.1 * kernel-default-devel-4.12.14-150100.197.148.1 * SUSE CaaS Platform 4.0 (noarch) * kernel-macros-4.12.14-150100.197.148.1 * kernel-source-4.12.14-150100.197.148.1 * kernel-devel-4.12.14-150100.197.148.1 * SUSE CaaS Platform 4.0 (noarch nosrc) * kernel-docs-4.12.14-150100.197.148.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1077.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1208600 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:20 -0000 Subject: SUSE-SU-2023:2539-1: moderate: Security update for jetty-minimal Message-ID: <168716342095.21255.7905850445735893132@smelt2.suse.de> # Security update for jetty-minimal Announcement ID: SUSE-SU-2023:2539-1 Rating: moderate References: * #1210620 * #1210621 Cross-References: * CVE-2023-26048 * CVE-2023-26049 CVSS scores: * CVE-2023-26048 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-26048 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-26049 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-26049 ( NVD ): 2.4 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for jetty-minimal fixes the following issues: Updated to version 9.4.51.v20230217: \- CVE-2023-26048: Fixed an excessive memory consumption when processing a large multipart request (bsc#1210620) \- CVE-2023-26049: Fixed a cookie exfiltration issue due to improper parsing (bsc#1210621). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2539=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2539=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2539=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2539=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2539=1 ## Package List: * openSUSE Leap 15.4 (noarch) * jetty-fcgi-9.4.51-150200.3.19.2 * jetty-servlet-9.4.51-150200.3.19.2 * jetty-ant-9.4.51-150200.3.19.2 * jetty-jmx-9.4.51-150200.3.19.2 * jetty-minimal-javadoc-9.4.51-150200.3.19.2 * jetty-jaas-9.4.51-150200.3.19.2 * jetty-servlets-9.4.51-150200.3.19.2 * jetty-annotations-9.4.51-150200.3.19.2 * jetty-openid-9.4.51-150200.3.19.2 * jetty-proxy-9.4.51-150200.3.19.2 * jetty-cdi-9.4.51-150200.3.19.2 * jetty-jndi-9.4.51-150200.3.19.2 * jetty-webapp-9.4.51-150200.3.19.2 * jetty-jsp-9.4.51-150200.3.19.2 * jetty-plus-9.4.51-150200.3.19.2 * jetty-start-9.4.51-150200.3.19.2 * jetty-client-9.4.51-150200.3.19.2 * jetty-security-9.4.51-150200.3.19.2 * jetty-http-9.4.51-150200.3.19.2 * jetty-rewrite-9.4.51-150200.3.19.2 * jetty-quickstart-9.4.51-150200.3.19.2 * jetty-http-spi-9.4.51-150200.3.19.2 * jetty-continuation-9.4.51-150200.3.19.2 * jetty-xml-9.4.51-150200.3.19.2 * jetty-util-9.4.51-150200.3.19.2 * jetty-deploy-9.4.51-150200.3.19.2 * jetty-server-9.4.51-150200.3.19.2 * jetty-io-9.4.51-150200.3.19.2 * jetty-util-ajax-9.4.51-150200.3.19.2 * openSUSE Leap 15.5 (noarch) * jetty-fcgi-9.4.51-150200.3.19.2 * jetty-servlet-9.4.51-150200.3.19.2 * jetty-ant-9.4.51-150200.3.19.2 * jetty-jmx-9.4.51-150200.3.19.2 * jetty-minimal-javadoc-9.4.51-150200.3.19.2 * jetty-jaas-9.4.51-150200.3.19.2 * jetty-servlets-9.4.51-150200.3.19.2 * jetty-annotations-9.4.51-150200.3.19.2 * jetty-openid-9.4.51-150200.3.19.2 * jetty-proxy-9.4.51-150200.3.19.2 * jetty-cdi-9.4.51-150200.3.19.2 * jetty-jndi-9.4.51-150200.3.19.2 * jetty-webapp-9.4.51-150200.3.19.2 * jetty-jsp-9.4.51-150200.3.19.2 * jetty-plus-9.4.51-150200.3.19.2 * jetty-start-9.4.51-150200.3.19.2 * jetty-client-9.4.51-150200.3.19.2 * jetty-security-9.4.51-150200.3.19.2 * jetty-http-9.4.51-150200.3.19.2 * jetty-rewrite-9.4.51-150200.3.19.2 * jetty-quickstart-9.4.51-150200.3.19.2 * jetty-http-spi-9.4.51-150200.3.19.2 * jetty-continuation-9.4.51-150200.3.19.2 * jetty-xml-9.4.51-150200.3.19.2 * jetty-util-9.4.51-150200.3.19.2 * jetty-deploy-9.4.51-150200.3.19.2 * jetty-server-9.4.51-150200.3.19.2 * jetty-io-9.4.51-150200.3.19.2 * jetty-util-ajax-9.4.51-150200.3.19.2 * Development Tools Module 15-SP4 (noarch) * jetty-servlet-9.4.51-150200.3.19.2 * jetty-util-9.4.51-150200.3.19.2 * jetty-security-9.4.51-150200.3.19.2 * jetty-io-9.4.51-150200.3.19.2 * jetty-server-9.4.51-150200.3.19.2 * jetty-http-9.4.51-150200.3.19.2 * jetty-util-ajax-9.4.51-150200.3.19.2 * Development Tools Module 15-SP5 (noarch) * jetty-servlet-9.4.51-150200.3.19.2 * jetty-util-9.4.51-150200.3.19.2 * jetty-security-9.4.51-150200.3.19.2 * jetty-io-9.4.51-150200.3.19.2 * jetty-server-9.4.51-150200.3.19.2 * jetty-http-9.4.51-150200.3.19.2 * jetty-util-ajax-9.4.51-150200.3.19.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * jetty-servlet-9.4.51-150200.3.19.2 * jetty-util-9.4.51-150200.3.19.2 * jetty-security-9.4.51-150200.3.19.2 * jetty-io-9.4.51-150200.3.19.2 * jetty-server-9.4.51-150200.3.19.2 * jetty-http-9.4.51-150200.3.19.2 * jetty-util-ajax-9.4.51-150200.3.19.2 ## References: * https://www.suse.com/security/cve/CVE-2023-26048.html * https://www.suse.com/security/cve/CVE-2023-26049.html * https://bugzilla.suse.com/show_bug.cgi?id=1210620 * https://bugzilla.suse.com/show_bug.cgi?id=1210621 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:23 -0000 Subject: SUSE-SU-2023:2536-1: important: Security update for openvswitch3 Message-ID: <168716342316.21255.343459355148946463@smelt2.suse.de> # Security update for openvswitch3 Announcement ID: SUSE-SU-2023:2536-1 Rating: important References: * #1210054 Cross-References: * CVE-2023-1668 CVSS scores: * CVE-2023-1668 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1668 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch3 fixes the following issues: * CVE-2023-1668: Fixed a remote denial of service that could be triggered via malformed IP packets (bsc#1210054). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2536=1 openSUSE-SLE-15.5-2023-2536=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2536=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * ovn3-host-23.03.0-150500.3.3.1 * openvswitch3-ipsec-3.1.0-150500.3.3.1 * ovn3-host-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-3.1.0-150500.3.3.1 * ovn3-vtep-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-vtep-3.1.0-150500.3.3.1 * ovn3-23.03.0-150500.3.3.1 * ovn3-debuginfo-23.03.0-150500.3.3.1 * ovn3-central-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-debugsource-3.1.0-150500.3.3.1 * ovn3-central-23.03.0-150500.3.3.1 * openvswitch3-test-3.1.0-150500.3.3.1 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-test-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-pki-3.1.0-150500.3.3.1 * libovn-23_03-0-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-devel-3.1.0-150500.3.3.1 * ovn3-docker-23.03.0-150500.3.3.1 * python3-ovs3-3.1.0-150500.3.3.1 * libovn-23_03-0-23.03.0-150500.3.3.1 * ovn3-vtep-23.03.0-150500.3.3.1 * ovn3-devel-23.03.0-150500.3.3.1 * libopenvswitch-3_1-0-3.1.0-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * ovn3-doc-23.03.0-150500.3.3.1 * openvswitch3-doc-3.1.0-150500.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ovn3-host-23.03.0-150500.3.3.1 * openvswitch3-ipsec-3.1.0-150500.3.3.1 * ovn3-host-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-3.1.0-150500.3.3.1 * ovn3-vtep-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-vtep-3.1.0-150500.3.3.1 * ovn3-23.03.0-150500.3.3.1 * ovn3-debuginfo-23.03.0-150500.3.3.1 * ovn3-central-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-debugsource-3.1.0-150500.3.3.1 * ovn3-central-23.03.0-150500.3.3.1 * openvswitch3-test-3.1.0-150500.3.3.1 * libopenvswitch-3_1-0-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-vtep-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-test-debuginfo-3.1.0-150500.3.3.1 * openvswitch3-pki-3.1.0-150500.3.3.1 * libovn-23_03-0-debuginfo-23.03.0-150500.3.3.1 * openvswitch3-devel-3.1.0-150500.3.3.1 * ovn3-docker-23.03.0-150500.3.3.1 * python3-ovs3-3.1.0-150500.3.3.1 * libovn-23_03-0-23.03.0-150500.3.3.1 * ovn3-vtep-23.03.0-150500.3.3.1 * ovn3-devel-23.03.0-150500.3.3.1 * libopenvswitch-3_1-0-3.1.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1668.html * https://bugzilla.suse.com/show_bug.cgi?id=1210054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:29 -0000 Subject: SUSE-SU-2023:2535-1: important: Security update for xen Message-ID: <168716342900.21255.10262470132772798763@smelt2.suse.de> # Security update for xen Announcement ID: SUSE-SU-2023:2535-1 Rating: important References: * #1027519 * #1208736 * #1209237 * #1209245 * #1210315 * #1210570 * #1211433 Cross-References: * CVE-2022-42335 * CVE-2022-42336 CVSS scores: * CVE-2022-42335 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H * CVE-2022-42336 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has five fixes can now be installed. ## Description: This update for xen fixes the following issues: Security fixes: * CVE-2022-42336: Fix an issue where guests configuring AMD Speculative Store Bypass Disable would have no effect (XSA-431) (bsc#1211433). * CVE-2022-42335: Fixed an issue where guests running under shadow mode with a PCI devices passed through could force the hypervisor to dereference arbitrary memory, leading to a denial of service (XSA-430) (bsc#1210315). Non-security fixes: * Fixed a build warning false positive (bsc#1210570). * Added missing debug-info to xen-syms (bsc#1209237). * Updated to version 4.17.1 (bsc#1027519). * Fixed a failure during VM destruction when using host-assisted kexec and kdump (bsc#1209245). * Other upstream fixes (bsc#1027519). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2535=1 openSUSE-SLE-15.5-2023-2535=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2535=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2535=1 ## Package List: * openSUSE Leap 15.5 (aarch64 x86_64 i586) * xen-debugsource-4.17.1_04-150500.3.3.1 * xen-tools-domU-4.17.1_04-150500.3.3.1 * xen-libs-4.17.1_04-150500.3.3.1 * xen-tools-domU-debuginfo-4.17.1_04-150500.3.3.1 * xen-devel-4.17.1_04-150500.3.3.1 * xen-libs-debuginfo-4.17.1_04-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * xen-libs-32bit-debuginfo-4.17.1_04-150500.3.3.1 * xen-libs-32bit-4.17.1_04-150500.3.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * xen-tools-debuginfo-4.17.1_04-150500.3.3.1 * xen-tools-4.17.1_04-150500.3.3.1 * xen-4.17.1_04-150500.3.3.1 * xen-doc-html-4.17.1_04-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * xen-tools-xendomains-wait-disk-4.17.1_04-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * xen-libs-64bit-4.17.1_04-150500.3.3.1 * xen-libs-64bit-debuginfo-4.17.1_04-150500.3.3.1 * Basesystem Module 15-SP5 (x86_64) * xen-debugsource-4.17.1_04-150500.3.3.1 * xen-tools-domU-4.17.1_04-150500.3.3.1 * xen-libs-4.17.1_04-150500.3.3.1 * xen-tools-domU-debuginfo-4.17.1_04-150500.3.3.1 * xen-libs-debuginfo-4.17.1_04-150500.3.3.1 * Server Applications Module 15-SP5 (x86_64) * xen-debugsource-4.17.1_04-150500.3.3.1 * xen-devel-4.17.1_04-150500.3.3.1 * xen-4.17.1_04-150500.3.3.1 * xen-tools-debuginfo-4.17.1_04-150500.3.3.1 * xen-tools-4.17.1_04-150500.3.3.1 * Server Applications Module 15-SP5 (noarch) * xen-tools-xendomains-wait-disk-4.17.1_04-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2022-42335.html * https://www.suse.com/security/cve/CVE-2022-42336.html * https://bugzilla.suse.com/show_bug.cgi?id=1027519 * https://bugzilla.suse.com/show_bug.cgi?id=1208736 * https://bugzilla.suse.com/show_bug.cgi?id=1209237 * https://bugzilla.suse.com/show_bug.cgi?id=1209245 * https://bugzilla.suse.com/show_bug.cgi?id=1210315 * https://bugzilla.suse.com/show_bug.cgi?id=1210570 * https://bugzilla.suse.com/show_bug.cgi?id=1211433 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:31 -0000 Subject: SUSE-SU-2023:2533-1: important: Security update for bluez Message-ID: <168716343104.21255.5372541152739275427@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:2533-1 Rating: important References: * #1210398 Cross-References: * CVE-2023-27349 CVSS scores: * CVE-2023-27349 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2533=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2533=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2533=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * bluez-debugsource-5.48-150000.5.49.1 * bluez-devel-5.48-150000.5.49.1 * libbluetooth3-5.48-150000.5.49.1 * bluez-debuginfo-5.48-150000.5.49.1 * bluez-5.48-150000.5.49.1 * libbluetooth3-debuginfo-5.48-150000.5.49.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.48-150000.5.49.1 * bluez-devel-5.48-150000.5.49.1 * libbluetooth3-5.48-150000.5.49.1 * bluez-debuginfo-5.48-150000.5.49.1 * bluez-5.48-150000.5.49.1 * libbluetooth3-debuginfo-5.48-150000.5.49.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * bluez-debugsource-5.48-150000.5.49.1 * bluez-devel-5.48-150000.5.49.1 * libbluetooth3-5.48-150000.5.49.1 * bluez-debuginfo-5.48-150000.5.49.1 * bluez-5.48-150000.5.49.1 * libbluetooth3-debuginfo-5.48-150000.5.49.1 * SUSE CaaS Platform 4.0 (x86_64) * bluez-debugsource-5.48-150000.5.49.1 * bluez-devel-5.48-150000.5.49.1 * libbluetooth3-5.48-150000.5.49.1 * bluez-debuginfo-5.48-150000.5.49.1 * bluez-5.48-150000.5.49.1 * libbluetooth3-debuginfo-5.48-150000.5.49.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27349.html * https://bugzilla.suse.com/show_bug.cgi?id=1210398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 08:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 08:30:33 -0000 Subject: SUSE-SU-2023:2531-1: important: Security update for libX11 Message-ID: <168716343348.21255.2840259441274994338@smelt2.suse.de> # Security update for libX11 Announcement ID: SUSE-SU-2023:2531-1 Rating: important References: * #1212102 Cross-References: * CVE-2023-3138 CVSS scores: * CVE-2023-3138 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for libX11 fixes the following issues: * CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2531=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2531=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2531=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2531=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2531=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2531=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2531=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2531=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2531=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2531=1 ## Package List: * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libX11-6-32bit-1.6.2-12.30.1 * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE OpenStack Cloud 9 (x86_64) * libX11-6-32bit-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * libX11-6-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE OpenStack Cloud 9 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libX11-6-32bit-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * libX11-6-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libX11-6-1.6.2-12.30.1 * libX11-6-debuginfo-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 * libX11-xcb1-debuginfo-1.6.2-12.30.1 * libX11-xcb1-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * libX11-data-1.6.2-12.30.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libX11-6-debuginfo-32bit-1.6.2-12.30.1 * libX11-6-32bit-1.6.2-12.30.1 * libX11-xcb1-debuginfo-32bit-1.6.2-12.30.1 * libX11-xcb1-32bit-1.6.2-12.30.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libX11-devel-1.6.2-12.30.1 * libX11-debugsource-1.6.2-12.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3138.html * https://bugzilla.suse.com/show_bug.cgi?id=1212102 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 10:37:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:37:11 +0200 (CEST) Subject: SUSE-CU-2023:1985-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230619103711.50331F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:1985-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.47 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.47 Severity : moderate Type : security References : 1203750 1203818 1211158 CVE-2007-4559 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - supportutils-3.1.21-150300.7.35.18.1 updated From sle-updates at lists.suse.com Mon Jun 19 12:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:18 -0000 Subject: SUSE-SU-2023:2538-1: important: Security update for the Linux Kernel Message-ID: <168717781800.21520.10518948067782453087@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2538-1 Rating: important References: * #1065729 * #1118212 * #1129770 * #1154048 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206878 * #1209287 * #1209366 * #1209857 * #1210544 * #1210629 * #1210715 * #1210783 * #1210806 * #1210940 * #1211044 * #1211105 * #1211186 * #1211275 * #1211360 * #1211361 * #1211362 * #1211363 * #1211364 * #1211365 * #1211366 * #1211466 * #1211592 * #1211622 * #1211801 * #1211816 * #1211960 Cross-References: * CVE-2022-3566 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1380 * CVE-2023-2176 * CVE-2023-2194 * CVE-2023-2269 * CVE-2023-2513 * CVE-2023-28466 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32269 CVSS scores: * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-2176 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2176 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Availability Extension 12 SP5 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves 15 vulnerabilities and has 22 fixes can now be installed. ## Description: The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629). The following non-security bugs were fixed: * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * Documentation: Document sysfs interfaces purr, spurr, idle_purr, idle_spurr (PED-3947 bsc#1210544 ltc#202303). * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * IB/hfi1: Assign npages earlier (git-fixes) * IB/iser: bound protection_sg size by data_sg size (git-fixes) * IB/mlx4: Fix memory leaks (git-fixes) * IB/mlx4: Increase the timeout for CM cache (git-fixes) * IB/mlx5: Fix initializing CQ fragments buffer (git-fixes) * IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git- fixes) * IB/usnic: Fix potential deadlock (git-fixes) * KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1 (git-fixes). * KVM: x86: Update the exit_qualification access bits while walking an address (git-fixes). * KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing (git-fixes). * KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). * KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). * KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). * KVM: x86: fix empty-body warnings (git-fixes). * KVM: x86: fix incorrect comparison in trace event (git-fixes). * KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported (git-fixes). * Move upstreamed media fixes into sorted section * PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). * PCI: Call Max Payload Size-related fixup quirks early (git-fixes). * PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes). * PCI: aardvark: Configure PCIe resources from 'ranges' DT property (git- fixes). * PCI: aardvark: Fix PCIe Max Payload Size setting (git-fixes). * PCI: aardvark: Fix checking for PIO status (git-fixes). * PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). * PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). * PCI: xilinx-nwl: Enable the clock through CCF (git-fixes). * RDMA/bnxt_re: Restrict the max_gids to 256 (git-fixes) * RDMA/cma: Do not change route.addr.src_addr.ss_family (git-fixes) * RDMA/cma: Fix rdma_resolve_route() memory leak (git-fixes) * RDMA/core: Do not access cm_id after its destruction (git-fixes) * RDMA/cxgb4: Fix missing error code in create_qp() (git-fixes) * RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) * RDMA/hns: Bugfix for querying qkey (git-fixes) * RDMA/i40iw: Fix potential use after free (git-fixes) * RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' (git-fixes) * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (git-fixes) * RDMA/mlx5: Block delay drop to unprivileged users (git-fixes) * RDMA/rxe: Fix error type of mmap_offset (git-fixes) * RDMA/srp: Move large values to a new enum for gcc13 (git-fixes) * RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer (git- fixes) * RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes) * RDMa/mthca: Work around -Wenum-conversion warning (git-fixes) * RDS: IB: Fix null pointer issue (git-fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * Update patch reference for libata fix (bsc#1118212). * adm8211: fix error return code in adm8211_probe() (git-fixes). * backlight: lm3630a: Fix return code of .update_status() callback (bsc#1129770) * blacklist.conf: workqueue: Cosmetic change. Not worth backporting (bsc#1211275) * bonding: show full hw address in sysfs for slave entries (git-fixes). * ceph: force updating the msg pointer in non-split case (bsc#1211801). * cpuidle/powernv: avoid double irq enable coming out of idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: cpuidle set polling before enabling irqs (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: no memory barrier after break from idle (PED-3947 bsc#1210544 ltc#202303). * cpuidle: powerpc: read mostly for common globals (PED-3947 bsc#1210544 ltc#202303). * ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbcon: Check font dimension limits (bsc#1154048) * fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (bsc#1154048) * fix kcm_clone() (git-fixes). * fotg210-udc: Add missing completion handler (git-fixes). * ip6_tunnel: allow ip6gre dev mtu to be set below 1280 (git-fixes). * ip6_tunnel: fix IFLA_MTU ignored on NEWLINK (git-fixes). * ipoib: correcly show a VF hardware address (git-fixes) * ipv4: ipv4_default_advmss() should use route mtu (git-fixes). * ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT (git-fixes). * ipv6: icmp6: Allow icmp messages to be looped back (git-fixes). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * kcm: Check if sk_user_data already set in kcm_attach (git-fixes). * kvm: mmu: Do not read PDPTEs when paging is not enabled (git-fixes). * l2tp: remove configurable payload offset (git-fixes). * l2tp: remove l2specific_len dependency in l2tp_core (git-fixes). * libata: add horkage for ASMedia 1092 (git-fixes). * mac80211: choose first enabled channel for monitor (git-fixes). * mac80211: drop multicast fragments (git-fixes). * mac80211: fix fast-rx encryption check (git-fixes). * mac80211: pause TX while changing interface type (git-fixes). * media: radio-shark: Add endpoint checks (git-fixes). * mlx4: Use snprintf instead of complicated strcpy (git-fixes) * mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211466). * net/mlx4_core: Fix return codes of unsupported operations (git-fixes). * net/tcp/illinois: replace broken algorithm reference link (git-fixes). * net: Extra '_get' in declaration of arch_get_platform_mac_address (git- fixes). * net: altera_tse: fix connect_local_phy error path (git-fixes). * net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case (git- fixes). * net: amd: add missing of_node_put() (git-fixes). * net: arc_emac: fix arc_emac_rx() error paths (git-fixes). * net: broadcom: fix return type of ndo_start_xmit function (git-fixes). * net: davinci_emac: match the mdio device against its compatible if possible (git-fixes). * net: dsa: b53: Add BCM5389 support (git-fixes). * net: dsa: bcm_sf2: Turn on PHY to allow successful registration (git-fixes). * net: dsa: mt7530: fix module autoloading for OF platform drivers (git- fixes). * net: dsa: qca8k: Add support for QCA8334 switch (git-fixes). * net: emac: fix fixed-link setup for the RTL8363SB switch (git-fixes). * net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value (git- fixes). * net: faraday: fix return type of ndo_start_xmit function (git-fixes). * net: hisilicon: remove unexpected free_netdev (git-fixes). * net: hns3: fix return type of ndo_start_xmit function (git-fixes). * net: hns: Fix wrong read accesses via Clause 45 MDIO protocol (git-fixes). * net: ibm: fix possible object reference leak (git-fixes). * net: ipv6: send NS for DAD when link operationally up (git-fixes). * net: mediatek: setup proper state for disabled GMAC on the default (git- fixes). * net: micrel: fix return type of ndo_start_xmit function (git-fixes). * net: mvneta: fix enable of all initialized RXQs (git-fixes). * net: netxen: fix a missing check and an uninitialized use (git-fixes). * net: propagate dev_get_valid_name return code (git-fixes). * net: qca_spi: Fix log level if probe fails (git-fixes). * net: qcom/emac: Use proper free methods during TX (git-fixes). * net: qla3xxx: Remove overflowing shift statement (git-fixes). * net: smsc: fix return type of ndo_start_xmit function (git-fixes). * net: stmmac: do not log oversized frames (git-fixes). * net: stmmac: fix dropping of multi-descriptor RX frames (git-fixes). * net: sun: fix return type of ndo_start_xmit function (git-fixes). * net: toshiba: fix return type of ndo_start_xmit function (git-fixes). * net: xfrm: allow clearing socket xfrm policies (git-fixes). * net: xilinx: fix return type of ndo_start_xmit function (git-fixes). * netfilter: ebtables: convert BUG_ONs to WARN_ONs (git-fixes). * netfilter: ipt_CLUSTERIP: put config instead of freeing it (git-fixes). * netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount (git-fixes). * nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: unquiesce admin queue on shutdown (git-fixes). * nvme-pci: use the same attributes when freeing host_mem_desc_bufs (git- fixes). * nvme: Fix u32 overflow in the number of namespace list calculation (git- fixes). * nvme: free sq/cq dbbuf pointers when dbbuf set fails (git-fixes). * nvme: refine the Qemu Identify CNS quirk (git-fixes). * nvme: remove the ifdef around nvme_nvm_ioctl (git-fixes). * platform/x86: alienware-wmi: Adjust instance of wmi_evaluate_method calls to 0 (git-fixes). * platform/x86: alienware-wmi: constify attribute_group structures (git- fixes). * platform/x86: alienware-wmi: fix format string overflow warning (git-fixes). * platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer (git-fixes). * platform/x86: dell-laptop: fix rfkill functionality. * platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). * platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes). * powerpc/idle: Store PURR snapshot in a per-cpu global variable (PED-3947 bsc#1210544 ltc#202303). * powerpc/pseries: Account for SPURR ticks on idle CPUs (PED-3947 bsc#1210544 ltc#202303). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc/sysfs: Show idle_purr and idle_spurr for every CPU (PED-3947 bsc#1210544 ltc#202303). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * powerpc: Move idle_loop_prolog()/epilog() functions to header file (PED-3947 bsc#1210544 ltc#202303). * powerpc: Squash lines for simple wrapper functions (bsc#1065729). * rds; Reset rs->rs_bound_addr in rds_add_bound() failure path (git-fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rxe: IB_WR_REG_MR does not capture MR's iova field (git-fixes) * s390/dasd: correct numa_node in dasd_alloc_queue (git-fixes bsc#1211362). * s390/extmem: fix gcc 8 stringop-overflow warning (git-fixes bsc#1211363). * s390/kasan: fix early pgm check handler execution (git-fixes bsc#1211360). * s390/pci: fix sleeping in atomic during hotplug (git-fixes bsc#1211364). * s390/scm_blk: correct numa_node in scm_blk_dev_setup (git-fixes bsc#1211365). * s390/sysinfo: add missing #ifdef CONFIG_PROC_FS (git-fixes bsc#1211366). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (LTC#202116 bsc#1209857 git-fixes). * s390: ctcm: fix ctcm_new_device error return code (git-fixes bsc#1211361). * scsi: qla2xxx: Declare SCSI host template const (bsc#1211960). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: storvsc: Parameterize number hardware queues (bsc#1211622). * sctp: avoid flushing unsent queue when doing asoc reset (git-fixes). * sctp: fix erroneous inc of snmp SctpFragUsrMsgs (git-fixes). * sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege (git-fixes). * sctp: make use of pre-calculated len (git-fixes). * seccomp: Set PF_SUPERPRIV when checking capability (git-fixes bsc#1211816). * sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe (git- fixes). * sit: fix IFLA_MTU ignored on NEWLINK (git-fixes). * stmmac: fix valid numbers of unicast filter entries (git-fixes). * sunvnet: does not support GSO for sctp (git-fixes). * usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). * usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git- fixes). * vrf: mark skb for multicast or link-local as enslaved to VRF (git-fixes). * wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). * wcn36xx: Add ieee80211 rx status rate information (git-fixes). * wcn36xx: Channel list update before hardware scan (git-fixes). * wcn36xx: Disable bmps when encryption is disabled (git-fixes). * wcn36xx: Ensure finish scan is not requested before start scan (git-fixes). * wcn36xx: Fix TX data path (git-fixes). * wcn36xx: Fix multiple AMPDU sessions support (git-fixes). * wcn36xx: Fix software-driven scan (git-fix). * wcn36xx: Fix warning due to bad rate_idx (git-fixes). * wcn36xx: Increase number of TX retries (git-fixes). * wcn36xx: Specify ieee80211_rx_status.nss (git-fixes). * wcn36xx: Use kmemdup instead of duplicating it in wcn36xx_smd_process_ptt_msg_rsp (git-fixes). * wcn36xx: Use sequence number allocated by mac80211 (git-fixes). * wcn36xx: disable HW_CONNECTION_MONITOR (git-fixes). * wcn36xx: ensure pairing of init_scan/finish_scan and start_scan/end_scan (git-fixes). * wcn36xx: fix spelling mistake "to" -> "too" (git-fixes). * wcn36xx: fix typo (git-fixes). * wcn36xx: remove unecessary return (git-fixes). * wcn36xx: use dma_zalloc_coherent instead of allocator/memset (git-fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86/kvm/vmx: fix old-style function declaration (git-fixes). * x86/kvm: Do not call kvm_spurious_fault() from .fixup (git-fixes). * x86: kvm: avoid constant-conversion warning (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2538=1 SUSE-SLE- SERVER-12-SP5-2023-2538=1 * SUSE Linux Enterprise High Availability Extension 12 SP5 zypper in -t patch SUSE-SLE-HA-12-SP5-2023-2538=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2538=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2538=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2538=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2538=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2538=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * gfs2-kmp-default-4.12.14-122.162.1 * dlm-kmp-default-debuginfo-4.12.14-122.162.1 * ocfs2-kmp-default-4.12.14-122.162.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.162.1 * kernel-default-debugsource-4.12.14-122.162.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.162.1 * cluster-md-kmp-default-4.12.14-122.162.1 * dlm-kmp-default-4.12.14-122.162.1 * kernel-default-base-debuginfo-4.12.14-122.162.1 * kernel-syms-4.12.14-122.162.1 * kernel-default-base-4.12.14-122.162.1 * kernel-default-devel-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * gfs2-kmp-default-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (nosrc ppc64le x86_64) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * kernel-devel-4.12.14-122.162.1 * kernel-macros-4.12.14-122.162.1 * kernel-source-4.12.14-122.162.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (ppc64le s390x x86_64) * gfs2-kmp-default-4.12.14-122.162.1 * dlm-kmp-default-debuginfo-4.12.14-122.162.1 * ocfs2-kmp-default-4.12.14-122.162.1 * ocfs2-kmp-default-debuginfo-4.12.14-122.162.1 * kernel-default-debugsource-4.12.14-122.162.1 * cluster-md-kmp-default-debuginfo-4.12.14-122.162.1 * cluster-md-kmp-default-4.12.14-122.162.1 * dlm-kmp-default-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * gfs2-kmp-default-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise High Availability Extension 12 SP5 (nosrc) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise Live Patching 12-SP5 (nosrc) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-122.162.1 * kernel-default-kgraft-devel-4.12.14-122.162.1 * kgraft-patch-4_12_14-122_162-default-1-8.3.1 * kernel-default-kgraft-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch nosrc) * kernel-docs-4.12.14-122.162.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-4.12.14-122.162.1 * kernel-obs-build-4.12.14-122.162.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 nosrc x86_64) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * kernel-default-debugsource-4.12.14-122.162.1 * kernel-default-base-debuginfo-4.12.14-122.162.1 * kernel-syms-4.12.14-122.162.1 * kernel-default-base-4.12.14-122.162.1 * kernel-default-devel-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * kernel-devel-4.12.14-122.162.1 * kernel-macros-4.12.14-122.162.1 * kernel-source-4.12.14-122.162.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * kernel-default-debugsource-4.12.14-122.162.1 * kernel-default-base-debuginfo-4.12.14-122.162.1 * kernel-syms-4.12.14-122.162.1 * kernel-default-base-4.12.14-122.162.1 * kernel-default-devel-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * kernel-devel-4.12.14-122.162.1 * kernel-macros-4.12.14-122.162.1 * kernel-source-4.12.14-122.162.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * kernel-default-man-4.12.14-122.162.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * kernel-default-devel-debuginfo-4.12.14-122.162.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (nosrc) * kernel-default-4.12.14-122.162.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * kernel-default-debugsource-4.12.14-122.162.1 * kernel-default-extra-debuginfo-4.12.14-122.162.1 * kernel-default-debuginfo-4.12.14-122.162.1 * kernel-default-extra-4.12.14-122.162.1 ## References: * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-2176.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1118212 * https://bugzilla.suse.com/show_bug.cgi?id=1129770 * https://bugzilla.suse.com/show_bug.cgi?id=1154048 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206878 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209366 * https://bugzilla.suse.com/show_bug.cgi?id=1209857 * https://bugzilla.suse.com/show_bug.cgi?id=1210544 * https://bugzilla.suse.com/show_bug.cgi?id=1210629 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211275 * https://bugzilla.suse.com/show_bug.cgi?id=1211360 * https://bugzilla.suse.com/show_bug.cgi?id=1211361 * https://bugzilla.suse.com/show_bug.cgi?id=1211362 * https://bugzilla.suse.com/show_bug.cgi?id=1211363 * https://bugzilla.suse.com/show_bug.cgi?id=1211364 * https://bugzilla.suse.com/show_bug.cgi?id=1211365 * https://bugzilla.suse.com/show_bug.cgi?id=1211366 * https://bugzilla.suse.com/show_bug.cgi?id=1211466 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211801 * https://bugzilla.suse.com/show_bug.cgi?id=1211816 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:20 -0000 Subject: SUSE-SU-2023:2546-1: important: Security update for bluez Message-ID: <168717782079.21520.7800927491280819056@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:2546-1 Rating: important References: * #1210398 Cross-References: * CVE-2023-27349 CVSS scores: * CVE-2023-27349 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Linux Enterprise Workstation Extension 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2546=1 openSUSE-SLE-15.5-2023-2546=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2546=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2546=1 * SUSE Linux Enterprise Workstation Extension 15 SP5 zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-2546=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * bluez-test-debuginfo-5.65-150500.3.3.1 * bluez-obexd-5.65-150500.3.3.1 * libbluetooth3-debuginfo-5.65-150500.3.3.1 * bluez-debuginfo-5.65-150500.3.3.1 * bluez-debugsource-5.65-150500.3.3.1 * bluez-5.65-150500.3.3.1 * bluez-cups-5.65-150500.3.3.1 * bluez-deprecated-debuginfo-5.65-150500.3.3.1 * bluez-deprecated-5.65-150500.3.3.1 * libbluetooth3-5.65-150500.3.3.1 * bluez-obexd-debuginfo-5.65-150500.3.3.1 * bluez-test-5.65-150500.3.3.1 * bluez-devel-5.65-150500.3.3.1 * bluez-cups-debuginfo-5.65-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * bluez-auto-enable-devices-5.65-150500.3.3.1 * bluez-zsh-completion-5.65-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * libbluetooth3-32bit-debuginfo-5.65-150500.3.3.1 * libbluetooth3-32bit-5.65-150500.3.3.1 * bluez-devel-32bit-5.65-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * bluez-devel-64bit-5.65-150500.3.3.1 * libbluetooth3-64bit-debuginfo-5.65-150500.3.3.1 * libbluetooth3-64bit-5.65-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libbluetooth3-debuginfo-5.65-150500.3.3.1 * bluez-debuginfo-5.65-150500.3.3.1 * bluez-debugsource-5.65-150500.3.3.1 * bluez-5.65-150500.3.3.1 * libbluetooth3-5.65-150500.3.3.1 * Basesystem Module 15-SP5 (noarch) * bluez-zsh-completion-5.65-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.65-150500.3.3.1 * bluez-devel-5.65-150500.3.3.1 * bluez-debuginfo-5.65-150500.3.3.1 * SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64) * bluez-debugsource-5.65-150500.3.3.1 * bluez-debuginfo-5.65-150500.3.3.1 * bluez-cups-debuginfo-5.65-150500.3.3.1 * bluez-cups-5.65-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27349.html * https://bugzilla.suse.com/show_bug.cgi?id=1210398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:23 -0000 Subject: SUSE-SU-2023:2545-1: important: Security update for bluez Message-ID: <168717782391.21520.1451923756854194609@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:2545-1 Rating: important References: * #1210398 Cross-References: * CVE-2023-27349 CVSS scores: * CVE-2023-27349 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2545=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2545=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2545=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2545=1 ## Package List: * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libbluetooth3-debuginfo-5.48-150200.13.25.1 * bluez-debuginfo-5.48-150200.13.25.1 * libbluetooth3-5.48-150200.13.25.1 * bluez-devel-5.48-150200.13.25.1 * bluez-5.48-150200.13.25.1 * bluez-debugsource-5.48-150200.13.25.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libbluetooth3-debuginfo-5.48-150200.13.25.1 * bluez-debuginfo-5.48-150200.13.25.1 * libbluetooth3-5.48-150200.13.25.1 * bluez-devel-5.48-150200.13.25.1 * bluez-5.48-150200.13.25.1 * bluez-debugsource-5.48-150200.13.25.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libbluetooth3-debuginfo-5.48-150200.13.25.1 * bluez-debuginfo-5.48-150200.13.25.1 * libbluetooth3-5.48-150200.13.25.1 * bluez-devel-5.48-150200.13.25.1 * bluez-5.48-150200.13.25.1 * bluez-debugsource-5.48-150200.13.25.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libbluetooth3-debuginfo-5.48-150200.13.25.1 * bluez-debuginfo-5.48-150200.13.25.1 * libbluetooth3-5.48-150200.13.25.1 * bluez-devel-5.48-150200.13.25.1 * bluez-5.48-150200.13.25.1 * bluez-debugsource-5.48-150200.13.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27349.html * https://bugzilla.suse.com/show_bug.cgi?id=1210398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:26 -0000 Subject: SUSE-SU-2023:2544-1: important: Security update for kubernetes1.24 Message-ID: <168717782643.21520.8444784936370798100@smelt2.suse.de> # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2023:2544-1 Rating: important References: * #1211630 * #1211631 Cross-References: * CVE-2023-2727 * CVE-2023-2728 CVSS scores: * CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes1.24 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2544=1 openSUSE-SLE-15.5-2023-2544=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2544=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-kubelet-common-1.24.13-150500.3.3.1 * kubernetes1.24-client-1.24.13-150500.3.3.1 * kubernetes1.24-scheduler-1.24.13-150500.3.3.1 * kubernetes1.24-kubeadm-1.24.13-150500.3.3.1 * kubernetes1.24-client-common-1.24.13-150500.3.3.1 * kubernetes1.24-controller-manager-1.24.13-150500.3.3.1 * kubernetes1.24-apiserver-1.24.13-150500.3.3.1 * kubernetes1.24-kubelet-1.24.13-150500.3.3.1 * kubernetes1.24-proxy-1.24.13-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * kubernetes1.24-client-bash-completion-1.24.13-150500.3.3.1 * kubernetes1.24-client-fish-completion-1.24.13-150500.3.3.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-1.24.13-150500.3.3.1 * kubernetes1.24-client-common-1.24.13-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2727.html * https://www.suse.com/security/cve/CVE-2023-2728.html * https://bugzilla.suse.com/show_bug.cgi?id=1211630 * https://bugzilla.suse.com/show_bug.cgi?id=1211631 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:30 -0000 Subject: SUSE-SU-2023:2543-1: important: Security update for kubernetes1.23 Message-ID: <168717783008.21520.5686095473297930113@smelt2.suse.de> # Security update for kubernetes1.23 Announcement ID: SUSE-SU-2023:2543-1 Rating: important References: * #1211630 * #1211631 Cross-References: * CVE-2023-2727 * CVE-2023-2728 CVSS scores: * CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes1.23 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2543=1 openSUSE-SLE-15.5-2023-2543=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2543=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-apiserver-1.23.17-150500.3.3.1 * kubernetes1.23-scheduler-1.23.17-150500.3.3.1 * kubernetes1.23-kubelet-common-1.23.17-150500.3.3.1 * kubernetes1.23-proxy-1.23.17-150500.3.3.1 * kubernetes1.23-controller-manager-1.23.17-150500.3.3.1 * kubernetes1.23-kubeadm-1.23.17-150500.3.3.1 * kubernetes1.23-client-1.23.17-150500.3.3.1 * kubernetes1.23-kubelet-1.23.17-150500.3.3.1 * kubernetes1.23-client-common-1.23.17-150500.3.3.1 * openSUSE Leap 15.5 (noarch) * kubernetes1.23-client-bash-completion-1.23.17-150500.3.3.1 * kubernetes1.23-client-fish-completion-1.23.17-150500.3.3.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.23-kubeadm-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-proxy-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-apiserver-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-controller-manager-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-client-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-scheduler-debuginfo-1.23.17-150500.3.3.1 * kubernetes1.23-kubelet-debuginfo-1.23.17-150500.3.3.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-1.23.17-150500.3.3.1 * kubernetes1.23-client-common-1.23.17-150500.3.3.1 * Containers Module 15-SP5 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2727.html * https://www.suse.com/security/cve/CVE-2023-2728.html * https://bugzilla.suse.com/show_bug.cgi?id=1211630 * https://bugzilla.suse.com/show_bug.cgi?id=1211631 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:32 -0000 Subject: SUSE-SU-2023:2542-1: important: Security update for kubernetes1.23 Message-ID: <168717783275.21520.9406940857087914645@smelt2.suse.de> # Security update for kubernetes1.23 Announcement ID: SUSE-SU-2023:2542-1 Rating: important References: * #1211630 * #1211631 Cross-References: * CVE-2023-2727 * CVE-2023-2728 CVSS scores: * CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes1.23 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2542=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2542=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2542=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2542=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2542=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2542=1 ## Package List: * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150300.7.9.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.23-client-common-1.23.17-150300.7.9.1 * kubernetes1.23-client-1.23.17-150300.7.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2727.html * https://www.suse.com/security/cve/CVE-2023-2728.html * https://bugzilla.suse.com/show_bug.cgi?id=1211630 * https://bugzilla.suse.com/show_bug.cgi?id=1211631 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 12:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 12:30:35 -0000 Subject: SUSE-SU-2023:2541-1: important: Security update for kubernetes1.18 Message-ID: <168717783578.21520.18186157525714802564@smelt2.suse.de> # Security update for kubernetes1.18 Announcement ID: SUSE-SU-2023:2541-1 Rating: important References: * #1211630 * #1211631 Cross-References: * CVE-2023-2727 * CVE-2023-2728 CVSS scores: * CVE-2023-2727 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N * CVE-2023-2728 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities can now be installed. ## Description: This update for kubernetes1.18 fixes the following issues: * CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630). * CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2541=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2541=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2541=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2541=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2541=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2541=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2541=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2541=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2541=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2541=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2541=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * openSUSE Leap 15.4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.10.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * Containers Module 15-SP4 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * kubernetes1.18-client-debuginfo-1.18.10-150200.5.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kubernetes1.18-client-1.18.10-150200.5.10.1 * kubernetes1.18-client-common-1.18.10-150200.5.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2727.html * https://www.suse.com/security/cve/CVE-2023-2728.html * https://bugzilla.suse.com/show_bug.cgi?id=1211630 * https://bugzilla.suse.com/show_bug.cgi?id=1211631 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 16:30:13 -0000 Subject: SUSE-RU-2023:2550-1: moderate: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Message-ID: <168719221364.27315.6038113071412665096@smelt2.suse.de> # Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Announcement ID: SUSE-RU-2023:2550-1 Rating: moderate References: * #1191112 * #1198097 * #1199020 * #1202234 * #1209565 * #1210591 * #1211354 * #1212187 * #1212189 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has nine recommended fixes can now be installed. ## Description: This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: * Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: * Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: * Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) * Fixed loading icons from an absolute path (bsc#1210591) * Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) * Force messages from .ui file through our translation mechanism (bsc#1198097) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2550=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2550=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2550=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2550=1 * SUSE Linux Enterprise High Performance Computing 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2550=1 * SUSE Linux Enterprise Server 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2550=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2550=1 * SUSE Linux Enterprise Desktop 15 SP5 zypper in -t patch SUSE-SLE-INSTALLER-15-SP5-2023-2550=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2550=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2550=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2550=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2550=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2550=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2550=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2550=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2550=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2550=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2550=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * libzck-devel-1.1.16-150400.3.4.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * openSUSE Leap 15.4 (noarch) * yast2-pkg-bindings-devel-doc-4.4.6-150400.3.6.1 * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ruby-yui-debuginfo-4.3.7-150400.3.3.1 * libyui16-debuginfo-4.3.7-150400.3.3.1 * libsolv-devel-0.7.24-150400.3.8.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libyui-qt-debugsource-4.3.7-150400.3.3.1 * libyui-qt-devel-4.3.7-150400.3.3.1 * libyui-bindings-debuginfo-4.3.7-150400.3.3.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-demo-0.7.24-150400.3.8.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * perl-solv-debuginfo-0.7.24-150400.3.8.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libzypp-devel-17.31.13-150400.3.32.1 * libyui-bindings-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses-pkg-devel-4.3.7-150400.3.3.1 * libyui-qt-rest-api-debugsource-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api-debugsource-4.3.7-150400.3.3.1 * python3-solv-debuginfo-0.7.24-150400.3.8.1 * libyui-qt-pkg-debugsource-4.3.7-150400.3.3.1 * libyui-rest-api-debugsource-4.3.7-150400.3.3.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libyui-qt-rest-api-devel-4.3.7-150400.3.3.1 * libzypp-devel-doc-17.31.13-150400.3.32.1 * python-solv-debuginfo-0.7.24-150400.3.8.1 * python3-yui-4.3.7-150400.3.3.1 * libzypp-17.31.13-150400.3.32.1 * perl-solv-0.7.24-150400.3.8.1 * libyui-qt-pkg16-debuginfo-4.3.7-150400.3.3.1 * libyui-qt-rest-api16-debuginfo-4.3.7-150400.3.3.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses-pkg-debugsource-4.3.7-150400.3.3.1 * yast2-pkg-bindings-debugsource-4.4.6-150400.3.6.1 * libsolv-devel-debuginfo-0.7.24-150400.3.8.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * python-solv-0.7.24-150400.3.8.1 * ruby-yui-4.3.7-150400.3.3.1 * libyui-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses16-debuginfo-4.3.7-150400.3.3.1 * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * zchunk-1.1.16-150400.3.4.1 * perl-yui-4.3.7-150400.3.3.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * libyui-rest-api-devel-4.3.7-150400.3.3.1 * libyui-qt-graph16-debuginfo-4.3.7-150400.3.3.1 * python3-yui-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-debugsource-4.3.7-150400.3.3.1 * libyui-rest-api16-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-tools-4.3.7-150400.3.3.1 * libyui-qt-pkg-devel-4.3.7-150400.3.3.1 * ruby-solv-debuginfo-0.7.24-150400.3.8.1 * libyui-qt16-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-devel-4.3.7-150400.3.3.1 * libyui-ncurses-pkg16-debuginfo-4.3.7-150400.3.3.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * python3-solv-0.7.24-150400.3.8.1 * libyui-qt-graph-devel-4.3.7-150400.3.3.1 * ruby-solv-0.7.24-150400.3.8.1 * yast2-pkg-bindings-debuginfo-4.4.6-150400.3.6.1 * libsolv-demo-debuginfo-0.7.24-150400.3.8.1 * libzck1-debuginfo-1.1.16-150400.3.4.1 * perl-yui-debuginfo-4.3.7-150400.3.3.1 * libzck-devel-1.1.16-150400.3.4.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * libyui-qt-graph-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api-devel-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-devel-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-debuginfo-4.3.7-150400.3.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsolv-devel-0.7.24-150400.3.8.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-demo-0.7.24-150400.3.8.1 * perl-solv-debuginfo-0.7.24-150400.3.8.1 * libzypp-devel-17.31.13-150400.3.32.1 * python3-solv-debuginfo-0.7.24-150400.3.8.1 * libzypp-devel-doc-17.31.13-150400.3.32.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * python-solv-debuginfo-0.7.24-150400.3.8.1 * libzypp-17.31.13-150400.3.32.1 * perl-solv-0.7.24-150400.3.8.1 * libsolv-devel-debuginfo-0.7.24-150400.3.8.1 * python-solv-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * ruby-solv-debuginfo-0.7.24-150400.3.8.1 * python3-solv-0.7.24-150400.3.8.1 * ruby-solv-0.7.24-150400.3.8.1 * libsolv-demo-debuginfo-0.7.24-150400.3.8.1 * libzck1-debuginfo-1.1.16-150400.3.4.1 * libzck-devel-1.1.16-150400.3.4.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libsolv-tools-0.7.24-150400.3.8.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Manager Server 4.3 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Manager Proxy 4.3 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * SUSE Manager Proxy 4.3 (x86_64) * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * SUSE Linux Enterprise High Performance Computing 15 SP5 (aarch64 x86_64) * libzypp-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * SUSE Linux Enterprise Server 15 SP5 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * libzypp-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * SUSE Linux Enterprise Desktop 15 SP5 (x86_64) * libzypp-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * libzck-devel-1.1.16-150400.3.4.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * libzck-devel-1.1.16-150400.3.4.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * libsolv-tools-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * Basesystem Module 15-SP4 (noarch) * autoyast2-4.4.45-150400.3.19.1 * autoyast2-installation-4.4.45-150400.3.19.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libyui16-debuginfo-4.3.7-150400.3.3.1 * libsolv-devel-0.7.24-150400.3.8.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libyui-qt-debugsource-4.3.7-150400.3.3.1 * libyui-qt-devel-4.3.7-150400.3.3.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * yast2-pkg-bindings-4.4.6-150400.3.6.1 * libyui-ncurses16-4.3.7-150400.3.3.1 * libzypp-devel-17.31.13-150400.3.32.1 * libyui-ncurses-pkg-devel-4.3.7-150400.3.3.1 * python3-solv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libzypp-17.31.13-150400.3.32.1 * libyui16-4.3.7-150400.3.3.1 * libyui-ncurses-pkg-debugsource-4.3.7-150400.3.3.1 * yast2-pkg-bindings-debugsource-4.4.6-150400.3.6.1 * libsolv-devel-debuginfo-0.7.24-150400.3.8.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * libyui-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses16-debuginfo-4.3.7-150400.3.3.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * libyui-qt-graph16-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses-tools-4.3.7-150400.3.3.1 * ruby-solv-debuginfo-0.7.24-150400.3.8.1 * libyui-qt16-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-devel-4.3.7-150400.3.3.1 * libyui-ncurses-pkg16-debuginfo-4.3.7-150400.3.3.1 * libyui-qt-graph16-4.3.7-150400.3.3.1 * python3-solv-0.7.24-150400.3.8.1 * libyui-qt-graph-devel-4.3.7-150400.3.3.1 * ruby-solv-0.7.24-150400.3.8.1 * yast2-pkg-bindings-debuginfo-4.4.6-150400.3.6.1 * libzck1-debuginfo-1.1.16-150400.3.4.1 * libzck-devel-1.1.16-150400.3.4.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libyui-ncurses-pkg16-4.3.7-150400.3.3.1 * libyui-qt-graph-debugsource-4.3.7-150400.3.3.1 * libsolv-tools-0.7.24-150400.3.8.1 * libyui-devel-4.3.7-150400.3.3.1 * libyui-qt16-4.3.7-150400.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libzck1-debuginfo-1.1.16-150400.3.4.1 * python3-solv-debuginfo-0.7.24-150400.3.8.1 * libzck-devel-1.1.16-150400.3.4.1 * zchunk-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * libsolv-devel-0.7.24-150400.3.8.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libsolv-tools-debuginfo-0.7.24-150400.3.8.1 * libzck1-1.1.16-150400.3.4.1 * libzypp-17.31.13-150400.3.32.1 * libzypp-debugsource-17.31.13-150400.3.32.1 * ruby-solv-0.7.24-150400.3.8.1 * ruby-solv-debuginfo-0.7.24-150400.3.8.1 * libsolv-tools-0.7.24-150400.3.8.1 * python3-solv-0.7.24-150400.3.8.1 * libsolv-devel-debuginfo-0.7.24-150400.3.8.1 * libzypp-devel-17.31.13-150400.3.32.1 * libzypp-debuginfo-17.31.13-150400.3.32.1 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libyui-qt-pkg-devel-4.3.7-150400.3.3.1 * libyui-qt-pkg16-debuginfo-4.3.7-150400.3.3.1 * libyui-qt-pkg16-4.3.7-150400.3.3.1 * libyui-qt-pkg-debugsource-4.3.7-150400.3.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libyui-qt-rest-api-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api-debugsource-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-4.3.7-150400.3.3.1 * libyui-qt-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api-debugsource-4.3.7-150400.3.3.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libyui-qt-rest-api-devel-4.3.7-150400.3.3.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * libyui-rest-api-devel-4.3.7-150400.3.3.1 * libyui-rest-api16-4.3.7-150400.3.3.1 * libyui-rest-api16-debuginfo-4.3.7-150400.3.3.1 * perl-solv-0.7.24-150400.3.8.1 * libyui-qt-rest-api16-debuginfo-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api-devel-4.3.7-150400.3.3.1 * libyui-ncurses-rest-api16-debuginfo-4.3.7-150400.3.3.1 * perl-solv-debuginfo-0.7.24-150400.3.8.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * perl-solv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debuginfo-0.7.24-150400.3.8.1 * libsolv-debugsource-0.7.24-150400.3.8.1 * perl-solv-0.7.24-150400.3.8.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * libzck-devel-1.1.16-150400.3.4.1 * zchunk-debugsource-1.1.16-150400.3.4.1 * zchunk-debuginfo-1.1.16-150400.3.4.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1191112 * https://bugzilla.suse.com/show_bug.cgi?id=1198097 * https://bugzilla.suse.com/show_bug.cgi?id=1199020 * https://bugzilla.suse.com/show_bug.cgi?id=1202234 * https://bugzilla.suse.com/show_bug.cgi?id=1209565 * https://bugzilla.suse.com/show_bug.cgi?id=1210591 * https://bugzilla.suse.com/show_bug.cgi?id=1211354 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 * https://bugzilla.suse.com/show_bug.cgi?id=1212189 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 16:30:16 -0000 Subject: SUSE-RU-2023:2549-1: moderate: Recommended update for qemu Message-ID: <168719221691.27315.2936309632516692986@smelt2.suse.de> # Recommended update for qemu Announcement ID: SUSE-RU-2023:2549-1 Rating: moderate References: * #1211000 * #1211697 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for qemu fixes the following issues: * vCPU stalls in Qemu with NFS storage (bsc#1211000) * The SMBIOS tables are not being filled out correctly (bsc#bsc#1211697) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2549=1 openSUSE-SLE-15.5-2023-2549=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2549=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2549=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * qemu-ui-opengl-7.1.0-150500.49.3.1 * qemu-7.1.0-150500.49.3.1 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1 * qemu-ksm-7.1.0-150500.49.3.1 * qemu-linux-user-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-smartcard-debuginfo-7.1.0-150500.49.3.1 * qemu-block-gluster-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-smartcard-7.1.0-150500.49.3.1 * qemu-ivshmem-tools-7.1.0-150500.49.3.1 * qemu-accel-qtest-7.1.0-150500.49.3.1 * qemu-audio-alsa-7.1.0-150500.49.3.1 * qemu-audio-jack-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-jack-7.1.0-150500.49.3.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-host-7.1.0-150500.49.3.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.3.1 * qemu-chardev-baum-7.1.0-150500.49.3.1 * qemu-ui-curses-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.3.1 * qemu-vhost-user-gpu-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.3.1 * qemu-x86-7.1.0-150500.49.3.1 * qemu-block-nfs-debuginfo-7.1.0-150500.49.3.1 * qemu-block-ssh-7.1.0-150500.49.3.1 * qemu-block-ssh-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-spice-app-7.1.0-150500.49.3.1 * qemu-linux-user-debugsource-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-dbus-7.1.0-150500.49.3.1 * qemu-chardev-spice-7.1.0-150500.49.3.1 * qemu-ui-gtk-7.1.0-150500.49.3.1 * qemu-ui-spice-core-7.1.0-150500.49.3.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.3.1 * qemu-arm-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-pa-7.1.0-150500.49.3.1 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.3.1 * qemu-accel-tcg-x86-7.1.0-150500.49.3.1 * qemu-ivshmem-tools-debuginfo-7.1.0-150500.49.3.1 * qemu-ppc-7.1.0-150500.49.3.1 * qemu-audio-oss-debuginfo-7.1.0-150500.49.3.1 * qemu-extra-7.1.0-150500.49.3.1 * qemu-tools-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.3.1 * qemu-extra-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-oss-7.1.0-150500.49.3.1 * qemu-vhost-user-gpu-7.1.0-150500.49.3.1 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.3.1 * qemu-block-dmg-7.1.0-150500.49.3.1 * qemu-audio-spice-7.1.0-150500.49.3.1 * qemu-hw-display-qxl-7.1.0-150500.49.3.1 * qemu-hw-usb-redirect-7.1.0-150500.49.3.1 * qemu-x86-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.3.1 * qemu-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1 * qemu-debugsource-7.1.0-150500.49.3.1 * qemu-block-iscsi-7.1.0-150500.49.3.1 * qemu-block-curl-7.1.0-150500.49.3.1 * qemu-s390x-debuginfo-7.1.0-150500.49.3.1 * qemu-accel-qtest-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1 * qemu-block-gluster-7.1.0-150500.49.3.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.3.1 * qemu-ppc-debuginfo-7.1.0-150500.49.3.1 * qemu-headless-7.1.0-150500.49.3.1 * qemu-audio-alsa-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-curses-7.1.0-150500.49.3.1 * qemu-audio-pa-debuginfo-7.1.0-150500.49.3.1 * qemu-lang-7.1.0-150500.49.3.1 * qemu-linux-user-7.1.0-150500.49.3.1 * qemu-block-nfs-7.1.0-150500.49.3.1 * qemu-block-dmg-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-dbus-7.1.0-150500.49.3.1 * qemu-arm-7.1.0-150500.49.3.1 * qemu-chardev-spice-debuginfo-7.1.0-150500.49.3.1 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.3.1 * qemu-guest-agent-7.1.0-150500.49.3.1 * qemu-s390x-7.1.0-150500.49.3.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.3.1 * qemu-tools-7.1.0-150500.49.3.1 * openSUSE Leap 15.5 (s390x x86_64 i586) * qemu-kvm-7.1.0-150500.49.3.1 * openSUSE Leap 15.5 (noarch) * qemu-microvm-7.1.0-150500.49.3.1 * qemu-seabios-1.16.0_0_gd239552-150500.49.3.1 * qemu-SLOF-7.1.0-150500.49.3.1 * qemu-sgabios-8-150500.49.3.1 * qemu-skiboot-7.1.0-150500.49.3.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.3.1 * qemu-ipxe-1.0.0+-150500.49.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-block-rbd-debuginfo-7.1.0-150500.49.3.1 * qemu-block-rbd-7.1.0-150500.49.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-tools-debuginfo-7.1.0-150500.49.3.1 * qemu-debuginfo-7.1.0-150500.49.3.1 * qemu-tools-7.1.0-150500.49.3.1 * qemu-debugsource-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * qemu-chardev-baum-7.1.0-150500.49.3.1 * qemu-ui-curses-debuginfo-7.1.0-150500.49.3.1 * qemu-block-rbd-debuginfo-7.1.0-150500.49.3.1 * qemu-block-iscsi-7.1.0-150500.49.3.1 * qemu-block-curl-7.1.0-150500.49.3.1 * qemu-audio-dbus-debuginfo-7.1.0-150500.49.3.1 * qemu-7.1.0-150500.49.3.1 * qemu-ui-dbus-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-curses-7.1.0-150500.49.3.1 * qemu-lang-7.1.0-150500.49.3.1 * qemu-ksm-7.1.0-150500.49.3.1 * qemu-block-ssh-7.1.0-150500.49.3.1 * qemu-audio-dbus-7.1.0-150500.49.3.1 * qemu-block-ssh-debuginfo-7.1.0-150500.49.3.1 * qemu-chardev-baum-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-dbus-7.1.0-150500.49.3.1 * qemu-guest-agent-7.1.0-150500.49.3.1 * qemu-block-rbd-7.1.0-150500.49.3.1 * qemu-hw-usb-host-debuginfo-7.1.0-150500.49.3.1 * qemu-block-iscsi-debuginfo-7.1.0-150500.49.3.1 * qemu-block-curl-debuginfo-7.1.0-150500.49.3.1 * qemu-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-host-7.1.0-150500.49.3.1 * qemu-guest-agent-debuginfo-7.1.0-150500.49.3.1 * qemu-debugsource-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (aarch64) * qemu-arm-debuginfo-7.1.0-150500.49.3.1 * qemu-arm-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le x86_64) * qemu-chardev-spice-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-spice-7.1.0-150500.49.3.1 * qemu-audio-spice-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-qxl-7.1.0-150500.49.3.1 * qemu-ui-gtk-7.1.0-150500.49.3.1 * qemu-ui-spice-app-7.1.0-150500.49.3.1 * qemu-hw-usb-redirect-7.1.0-150500.49.3.1 * qemu-ui-gtk-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-opengl-7.1.0-150500.49.3.1 * qemu-ui-spice-core-7.1.0-150500.49.3.1 * qemu-ui-spice-core-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-qxl-debuginfo-7.1.0-150500.49.3.1 * qemu-ui-spice-app-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-vga-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-usb-redirect-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-vga-7.1.0-150500.49.3.1 * qemu-ui-opengl-debuginfo-7.1.0-150500.49.3.1 * qemu-chardev-spice-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (noarch) * qemu-seabios-1.16.0_0_gd239552-150500.49.3.1 * qemu-SLOF-7.1.0-150500.49.3.1 * qemu-sgabios-8-150500.49.3.1 * qemu-skiboot-7.1.0-150500.49.3.1 * qemu-vgabios-1.16.0_0_gd239552-150500.49.3.1 * qemu-ipxe-1.0.0+-150500.49.3.1 * Server Applications Module 15-SP5 (ppc64le) * qemu-ppc-debuginfo-7.1.0-150500.49.3.1 * qemu-ppc-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (s390x x86_64) * qemu-hw-display-virtio-gpu-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-debuginfo-7.1.0-150500.49.3.1 * qemu-kvm-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-display-virtio-gpu-pci-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (s390x) * qemu-s390x-7.1.0-150500.49.3.1 * qemu-s390x-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-7.1.0-150500.49.3.1 * qemu-hw-s390x-virtio-gpu-ccw-7.1.0-150500.49.3.1 * Server Applications Module 15-SP5 (x86_64) * qemu-audio-alsa-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-alsa-7.1.0-150500.49.3.1 * qemu-audio-pa-debuginfo-7.1.0-150500.49.3.1 * qemu-accel-tcg-x86-debuginfo-7.1.0-150500.49.3.1 * qemu-x86-debuginfo-7.1.0-150500.49.3.1 * qemu-audio-pa-7.1.0-150500.49.3.1 * qemu-accel-tcg-x86-7.1.0-150500.49.3.1 * qemu-x86-7.1.0-150500.49.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211000 * https://bugzilla.suse.com/show_bug.cgi?id=1211697 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 16:30:21 -0000 Subject: SUSE-RU-2023:2548-1: moderate: Recommended update for qemu Message-ID: <168719222130.27315.7734452715119820906@smelt2.suse.de> # Recommended update for qemu Announcement ID: SUSE-RU-2023:2548-1 Rating: moderate References: * #1206524 * #1211000 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that has two recommended fixes can now be installed. ## Description: This update for qemu fixes the following issues: * vCPU stalls in Qemu with NFS storage (bsc#1211000) * Timer issues and RCU stalls after suspending and resuming an IBM Secure Execution guest (bsc#1206524) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2548=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2548=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2548=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2548=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2548=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2548=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2548=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2548=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2548=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2548=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2548=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2548=1 ## Package List: * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le x86_64) * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * qemu-SLOF-5.2.0-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-skiboot-5.2.0-150300.124.1 * qemu-ipxe-1.0.0+-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le) * qemu-ppc-debuginfo-5.2.0-150300.124.1 * qemu-ppc-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64) * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.124.1 * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.124.1 * qemu-s390x-debuginfo-5.2.0-150300.124.1 * qemu-s390x-5.2.0-150300.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * qemu-SLOF-5.2.0-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-skiboot-5.2.0-150300.124.1 * qemu-ipxe-1.0.0+-150300.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le) * qemu-ppc-debuginfo-5.2.0-150300.124.1 * qemu-ppc-5.2.0-150300.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Manager Proxy 4.2 (x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Manager Proxy 4.2 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * SUSE Manager Server 4.2 (noarch) * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * qemu-SLOF-5.2.0-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-skiboot-5.2.0-150300.124.1 * qemu-ipxe-1.0.0+-150300.124.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Manager Server 4.2 (ppc64le) * qemu-ppc-debuginfo-5.2.0-150300.124.1 * qemu-ppc-5.2.0-150300.124.1 * SUSE Manager Server 4.2 (s390x x86_64) * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Manager Server 4.2 (s390x) * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-5.2.0-150300.124.1 * qemu-hw-s390x-virtio-gpu-ccw-5.2.0-150300.124.1 * qemu-s390x-debuginfo-5.2.0-150300.124.1 * qemu-s390x-5.2.0-150300.124.1 * SUSE Manager Server 4.2 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * qemu-block-iscsi-5.2.0-150300.124.1 * qemu-ui-curses-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-ui-curses-5.2.0-150300.124.1 * qemu-block-curl-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-block-iscsi-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-debuginfo-5.2.0-150300.124.1 * qemu-ui-gtk-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-chardev-baum-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-block-curl-debuginfo-5.2.0-150300.124.1 * qemu-lang-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-block-ssh-5.2.0-150300.124.1 * qemu-ksm-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-ui-gtk-debuginfo-5.2.0-150300.124.1 * qemu-block-rbd-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-app-5.2.0-150300.124.1 * SUSE Enterprise Storage 7.1 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Enterprise Storage 7.1 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Enterprise Storage 7.1 (x86_64) * qemu-audio-alsa-debuginfo-5.2.0-150300.124.1 * qemu-audio-alsa-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-x86-5.2.0-150300.124.1 * qemu-kvm-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-5.2.0-150300.124.1 * qemu-audio-pa-5.2.0-150300.124.1 * qemu-audio-pa-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * qemu-debugsource-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.124.1 * qemu-s390x-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * qemu-x86-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.124.1 * qemu-s390x-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * qemu-x86-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * qemu-hw-display-virtio-vga-5.2.0-150300.124.1 * qemu-audio-spice-5.2.0-150300.124.1 * qemu-hw-display-qxl-debuginfo-5.2.0-150300.124.1 * qemu-ui-opengl-5.2.0-150300.124.1 * qemu-chardev-spice-5.2.0-150300.124.1 * qemu-ui-spice-core-debuginfo-5.2.0-150300.124.1 * qemu-5.2.0-150300.124.1 * qemu-hw-usb-redirect-debuginfo-5.2.0-150300.124.1 * qemu-tools-debuginfo-5.2.0-150300.124.1 * qemu-ui-spice-core-5.2.0-150300.124.1 * qemu-debuginfo-5.2.0-150300.124.1 * qemu-hw-display-qxl-5.2.0-150300.124.1 * qemu-tools-5.2.0-150300.124.1 * qemu-audio-spice-debuginfo-5.2.0-150300.124.1 * qemu-chardev-spice-debuginfo-5.2.0-150300.124.1 * qemu-ui-opengl-debuginfo-5.2.0-150300.124.1 * qemu-debugsource-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-5.2.0-150300.124.1 * qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-5.2.0-150300.124.1 * qemu-hw-usb-redirect-5.2.0-150300.124.1 * qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.124.1 * qemu-guest-agent-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64) * qemu-arm-5.2.0-150300.124.1 * qemu-arm-debuginfo-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * qemu-ipxe-1.0.0+-150300.124.1 * qemu-vgabios-1.14.0_0_g155821a-150300.124.1 * qemu-seabios-1.14.0_0_g155821a-150300.124.1 * qemu-sgabios-8-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (s390x) * qemu-s390x-debuginfo-5.2.0-150300.124.1 * qemu-s390x-5.2.0-150300.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * qemu-x86-5.2.0-150300.124.1 * qemu-x86-debuginfo-5.2.0-150300.124.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206524 * https://bugzilla.suse.com/show_bug.cgi?id=1211000 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 19 16:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 19 Jun 2023 16:30:24 -0000 Subject: SUSE-RU-2023:2547-1: moderate: Recommended update for qemu Message-ID: <168719222472.27315.11269052107059478753@smelt2.suse.de> # Recommended update for qemu Announcement ID: SUSE-RU-2023:2547-1 Rating: moderate References: * #1211000 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for qemu fixes the following issues: * vCPU stalls in Qemu with NFS storage (bsc#1211000) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2547=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2547=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2547=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2547=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2547=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2547=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2547=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2547=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2547=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * openSUSE Leap Micro 5.3 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * openSUSE Leap Micro 5.3 (noarch) * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-sgabios-8-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * openSUSE Leap Micro 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-ui-curses-6.2.0-150400.37.17.1 * qemu-ivshmem-tools-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-ppc-debuginfo-6.2.0-150400.37.17.1 * qemu-lang-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-app-6.2.0-150400.37.17.1 * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-block-dmg-6.2.0-150400.37.17.1 * qemu-block-iscsi-6.2.0-150400.37.17.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.17.1 * qemu-block-curl-6.2.0-150400.37.17.1 * qemu-audio-pa-6.2.0-150400.37.17.1 * qemu-block-dmg-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-block-nfs-6.2.0-150400.37.17.1 * qemu-block-nfs-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.17.1 * qemu-accel-qtest-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.17.1 * qemu-hw-usb-smartcard-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.17.1 * qemu-testsuite-6.2.0-150400.37.17.2 * qemu-vhost-user-gpu-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ivshmem-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-alsa-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-usb-smartcard-6.2.0-150400.37.17.1 * qemu-ksm-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.17.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.17.1 * qemu-block-ssh-6.2.0-150400.37.17.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-baum-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-extra-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.17.1 * qemu-linux-user-debugsource-6.2.0-150400.37.17.1 * qemu-vhost-user-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-audio-jack-6.2.0-150400.37.17.1 * qemu-block-gluster-6.2.0-150400.37.17.1 * qemu-s390x-6.2.0-150400.37.17.1 * qemu-block-gluster-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-oss-debuginfo-6.2.0-150400.37.17.1 * qemu-accel-qtest-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-linux-user-6.2.0-150400.37.17.1 * qemu-hw-usb-host-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * qemu-ppc-6.2.0-150400.37.17.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-gtk-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-extra-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-linux-user-debuginfo-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-jack-debuginfo-6.2.0-150400.37.17.1 * qemu-block-rbd-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * openSUSE Leap 15.4 (noarch) * qemu-sgabios-8-150400.37.17.1 * qemu-skiboot-6.2.0-150400.37.17.1 * qemu-SLOF-6.2.0-150400.37.17.1 * qemu-microvm-6.2.0-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * openSUSE Leap 15.4 (s390x x86_64) * qemu-kvm-6.2.0-150400.37.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * qemu-testsuite-6.2.0-150400.37.17.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-sgabios-8-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.3 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-sgabios-8-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * SUSE Linux Enterprise Micro 5.3 (s390x) * qemu-s390x-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-sgabios-8-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-sgabios-8-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * SUSE Linux Enterprise Micro 5.4 (s390x) * qemu-s390x-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-tools-debuginfo-6.2.0-150400.37.17.1 * qemu-tools-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * qemu-guest-agent-6.2.0-150400.37.17.1 * qemu-ui-curses-6.2.0-150400.37.17.1 * qemu-lang-6.2.0-150400.37.17.1 * qemu-block-iscsi-6.2.0-150400.37.17.1 * qemu-block-curl-debuginfo-6.2.0-150400.37.17.1 * qemu-block-curl-6.2.0-150400.37.17.1 * qemu-chardev-baum-debuginfo-6.2.0-150400.37.17.1 * qemu-6.2.0-150400.37.17.1 * qemu-ksm-6.2.0-150400.37.17.1 * qemu-ui-curses-debuginfo-6.2.0-150400.37.17.1 * qemu-block-ssh-debuginfo-6.2.0-150400.37.17.1 * qemu-block-ssh-6.2.0-150400.37.17.1 * qemu-block-iscsi-debuginfo-6.2.0-150400.37.17.1 * qemu-chardev-baum-6.2.0-150400.37.17.1 * qemu-hw-usb-host-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-usb-host-6.2.0-150400.37.17.1 * qemu-block-rbd-debuginfo-6.2.0-150400.37.17.1 * qemu-debugsource-6.2.0-150400.37.17.1 * qemu-guest-agent-debuginfo-6.2.0-150400.37.17.1 * qemu-debuginfo-6.2.0-150400.37.17.1 * qemu-block-rbd-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (aarch64) * qemu-arm-debuginfo-6.2.0-150400.37.17.1 * qemu-arm-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (aarch64 ppc64le x86_64) * qemu-chardev-spice-6.2.0-150400.37.17.1 * qemu-ui-gtk-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-opengl-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-6.2.0-150400.37.17.1 * qemu-ui-gtk-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-usb-redirect-6.2.0-150400.37.17.1 * qemu-ui-opengl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-app-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-qxl-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-app-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-vga-6.2.0-150400.37.17.1 * qemu-chardev-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-spice-debuginfo-6.2.0-150400.37.17.1 * qemu-ui-spice-core-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (noarch) * qemu-sgabios-8-150400.37.17.1 * qemu-skiboot-6.2.0-150400.37.17.1 * qemu-SLOF-6.2.0-150400.37.17.1 * qemu-seabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * qemu-ipxe-1.0.0+-150400.37.17.1 * qemu-vgabios-1.15.0_0_g2dd4b9b-150400.37.17.1 * Server Applications Module 15-SP4 (ppc64le) * qemu-ppc-6.2.0-150400.37.17.1 * qemu-ppc-debuginfo-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (s390x x86_64) * qemu-kvm-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-pci-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-pci-6.2.0-150400.37.17.1 * qemu-hw-display-virtio-gpu-debuginfo-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (s390x) * qemu-s390x-6.2.0-150400.37.17.1 * qemu-hw-s390x-virtio-gpu-ccw-debuginfo-6.2.0-150400.37.17.1 * qemu-s390x-debuginfo-6.2.0-150400.37.17.1 * qemu-hw-s390x-virtio-gpu-ccw-6.2.0-150400.37.17.1 * Server Applications Module 15-SP4 (x86_64) * qemu-accel-tcg-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-x86-6.2.0-150400.37.17.1 * qemu-audio-alsa-6.2.0-150400.37.17.1 * qemu-accel-tcg-x86-6.2.0-150400.37.17.1 * qemu-x86-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-pa-6.2.0-150400.37.17.1 * qemu-audio-alsa-debuginfo-6.2.0-150400.37.17.1 * qemu-audio-pa-debuginfo-6.2.0-150400.37.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211000 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 09:14:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 09:14:32 -0000 Subject: SUSE-SU-2023:2552-1: important: Security update for libwebp Message-ID: <168725247265.4166.3201628035188908160@smelt2.suse.de> # Security update for libwebp Announcement ID: SUSE-SU-2023:2552-1 Rating: important References: * #1210212 Cross-References: * CVE-2023-1999 CVSS scores: * CVE-2023-1999 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 8 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for libwebp fixes the following issues: * CVE-2023-1999: Fixed double free (bsc#1210212). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2552=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2552=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2552=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2552=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2552=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2552=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2552=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2552=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2552=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2552=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2552=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2552=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2552=1 ## Package List: * HPE Helion OpenStack 8 (x86_64) * libwebpmux1-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * SUSE OpenStack Cloud 8 (x86_64) * libwebpmux1-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * SUSE OpenStack Cloud 9 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebpdemux1-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * libwebpmux1-0.4.3-4.10.1 * SUSE OpenStack Cloud Crowbar 8 (x86_64) * libwebpmux1-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebpdemux1-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * libwebpmux1-0.4.3-4.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libwebp-debugsource-0.4.3-4.10.1 * libwebp-devel-0.4.3-4.10.1 * libwebpdecoder1-0.4.3-4.10.1 * libwebpmux1-debuginfo-0.4.3-4.10.1 * libwebpmux1-0.4.3-4.10.1 * libwebpdecoder1-debuginfo-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebpdemux1-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libwebpdemux1-0.4.3-4.10.1 * libwebp5-debuginfo-0.4.3-4.10.1 * libwebp-debugsource-0.4.3-4.10.1 * libwebpdemux1-debuginfo-0.4.3-4.10.1 * libwebp5-0.4.3-4.10.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libwebp5-32bit-0.4.3-4.10.1 * libwebp5-debuginfo-32bit-0.4.3-4.10.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1999.html * https://bugzilla.suse.com/show_bug.cgi?id=1210212 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 13:26:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 13:26:00 -0000 Subject: SUSE-RU-2023:2554-1: critical: Recommended update for nvme-stas Message-ID: <168726756026.1233.302542071906860583@smelt2.suse.de> # Recommended update for nvme-stas Announcement ID: SUSE-RU-2023:2554-1 Rating: critical References: * #1211557 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for nvme-stas fixes the following issues: * Update to version 2.2.2: * Fix python crash caused by wrong transport identifier handling. (bsc#1211557) * staslib: Fix setting controller DHCHAP key (bsc#1211557) ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2554=1 openSUSE-SLE-15.5-2023-2554=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2554=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * nvme-stas-2.2.2-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nvme-stas-2.2.2-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211557 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 13:26:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 13:26:02 -0000 Subject: SUSE-RU-2023:2553-1: moderate: Recommended update for grub2 Message-ID: <168726756288.1233.11090827875760969543@smelt2.suse.de> # Recommended update for grub2 Announcement ID: SUSE-RU-2023:2553-1 Rating: moderate References: * #1182012 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that has one recommended fix can now be installed. ## Description: This update for grub2 fixes the following issues: * Fix error grub_file_filters not found in Azure virtual machine (bsc#1182012) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2553=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2553=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2553=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2553=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2553=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2553=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2553=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2553=1 ## Package List: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 s390x x86_64) * grub2-debugsource-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x) * grub2-s390x-emu-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * grub2-arm64-efi-2.02-164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * grub2-arm64-efi-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 s390x x86_64) * grub2-debugsource-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (s390x) * grub2-s390x-emu-2.02-164.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le) * grub2-powerpc-ieee1275-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE OpenStack Cloud 9 (x86_64) * grub2-2.02-164.1 * grub2-i386-pc-2.02-164.1 * grub2-x86_64-efi-2.02-164.1 * grub2-debuginfo-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE OpenStack Cloud 9 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * grub2-2.02-164.1 * grub2-i386-pc-2.02-164.1 * grub2-x86_64-efi-2.02-164.1 * grub2-debuginfo-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le) * grub2-powerpc-ieee1275-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * grub2-2.02-164.1 * grub2-debuginfo-2.02-164.1 * grub2-debugsource-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64) * grub2-arm64-efi-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * grub2-systemd-sleep-plugin-2.02-164.1 * grub2-snapper-plugin-2.02-164.1 * grub2-x86_64-xen-2.02-164.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * grub2-x86_64-efi-2.02-164.1 * grub2-i386-pc-2.02-164.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1182012 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 14:17:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 16:17:41 +0200 (CEST) Subject: SUSE-CU-2023:2014-1: Recommended update of suse/sle15 Message-ID: <20230620141741.0BAD3F3C2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2014-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.69 , suse/sle15:15.4 , suse/sle15:15.4.27.14.69 Container Release : 27.14.69 Severity : moderate Type : recommended References : 1191112 1198097 1199020 1202234 1209565 1210591 1211354 1212187 1212189 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) The following package changes have been done: - libsolv-tools-0.7.24-150400.3.8.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.13-150400.3.32.1 updated From sle-updates at lists.suse.com Tue Jun 20 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2556-1: moderate: Recommended update for microos-tools Message-ID: <168727860339.20228.18026057207707771229@smelt2.suse.de> # Recommended update for microos-tools Announcement ID: SUSE-RU-2023:2556-1 Rating: moderate References: * #1205011 * #1211356 Affected Products: * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.4 An update that has two recommended fixes can now be installed. ## Description: This update for microos-tools fixes the following issues: * Update to version 2.18 * Add TMPDIR to tukit binddirs for Salt (bsc#1211356, bsc#1205011) * 98selinux-microos: Add chroot as dependency * Fix spelling error in warning ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2556=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2556=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * microos-tools-2.18-150400.3.3.1 * microos-tools-debugsource-2.18-150400.3.3.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * microos-tools-2.18-150400.3.3.1 * microos-tools-debugsource-2.18-150400.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205011 * https://bugzilla.suse.com/show_bug.cgi?id=1211356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 16:30:08 -0000 Subject: SUSE-RU-2023:2555-1: moderate: Recommended update for release-notes-sles-for-sap Message-ID: <168727860837.20228.14930404592979427494@smelt2.suse.de> # Recommended update for release-notes-sles-for-sap Announcement ID: SUSE-RU-2023:2555-1 Rating: moderate References: * #933411 Affected Products: * openSUSE Leap 15.5 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for release-notes-sles-for-sap fixes the following issues: * Set lifecycle to maintained (tracked in bsc#933411) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2555=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-2555=1 ## Package List: * openSUSE Leap 15.5 (noarch) * release-notes-sles-for-sap-15.5.20230510-150500.3.3.1 * SAP Applications Module 15-SP5 (noarch) * release-notes-sles-for-sap-15.5.20230510-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=933411 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 20:30:02 -0000 Subject: SUSE-RU-2023:2559-1: moderate: Recommended update for rust, rust1.70 Message-ID: <168729300280.16806.2441861605359657994@smelt2.suse.de> # Recommended update for rust, rust1.70 Announcement ID: SUSE-RU-2023:2559-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that can now be installed. ## Description: This update for rust, rust1.70 fixes the following issues: Changes in rust: * Update to version 1.70.0 - for details see the rust1.70 package Changes in rust1.70: # Version 1.70.0 (2023-06-01) ## Language * Relax ordering rules for `asm!` operands * Properly allow macro expanded `format_args` invocations to uses captures * Lint ambiguous glob re-exports * Perform const and unsafe checking for expressions in `let _ = expr` position. ## Compiler * Extend -Cdebuginfo with new options and named aliases This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. * Make `unused_allocation` lint against `Box::new` too * Detect uninhabited types early in const eval * Switch to LLD as default linker for {arm,thumb}v4t-none-eabi * Add tier 3 target `loongarch64-unknown-linux-gnu` * Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0) * Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's platform support page for more information on Rust's tiered platform support. ## Libraries * Document NonZeroXxx layout guarantees * Windows: make `Command` prefer non-verbatim paths * Implement Default for some alloc/core iterators * Fix handling of trailing bare CR in str::lines * allow negative numeric literals in `concat!` * Add documentation about the memory layout of `Cell` * Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt` * Stabilize `atomic_as_ptr` * Stabilize `nonnull_slice_from_raw_parts` * Partial stabilization of `once_cell` * Stabilize `nonzero_min_max` * Flatten/inline format_args!() and (string and int) literal arguments into format_args!() * Stabilize movbe target feature * don't splice from files into pipes in io::copy * Add a builtin unstable `FnPtr` trait that is implemented for all function pointers This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. ## Stabilized APIs * `NonZero*::MIN/MAX` * `BinaryHeap::retain` * `Default for std::collections::binary_heap::IntoIter` * `Default for std::collections::btree_map::{IntoIter, Iter, IterMut}` * `Default for std::collections::btree_map::{IntoKeys, Keys}` * `Default for std::collections::btree_map::{IntoValues, Values}` * `Default for std::collections::btree_map::Range` * `Default for std::collections::btree_set::{IntoIter, Iter}` * `Default for std::collections::btree_set::Range` * `Default for std::collections::linked_list::{IntoIter, Iter, IterMut}` * `Default for std::vec::IntoIter` * `Default for std::iter::Chain` * `Default for std::iter::Cloned` * `Default for std::iter::Copied` * `Default for std::iter::Enumerate` * `Default for std::iter::Flatten` * `Default for std::iter::Fuse` * `Default for std::iter::Rev` * `Default for std::slice::Iter` * `Default for std::slice::IterMut` * `Rc::into_inner` * `Arc::into_inner` * `std::cell::OnceCell` * `Option::is_some_and` * `NonNull::slice_from_raw_parts` * `Result::is_ok_and` * `Result::is_err_and` * `std::sync::atomic::Atomic*::as_ptr` * `std::io::IsTerminal` * `std::os::linux::net::SocketAddrExt` * `std::os::unix::net::UnixDatagram::bind_addr` * `std::os::unix::net::UnixDatagram::connect_addr` * `std::os::unix::net::UnixDatagram::send_to_addr` * `std::os::unix::net::UnixListener::bind_addr` * `std::path::Path::as_mut_os_str` * `std::sync::OnceLock` ## Cargo * Add `CARGO_PKG_README` * Make `sparse` the default protocol for crates.io * Accurately show status when downgrading dependencies * Use registry.default for login/logout * Stabilize `cargo logout` ## Misc * Stabilize rustdoc `--test-run-directory` ## Compatibility Notes * Prevent stable `libtest` from supporting `-Zunstable-options` * Perform const and unsafe checking for expressions in `let _ = expr` position. * WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen This may cause incompatibility with older execution environments. * Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2559=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2559=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2559=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2559=1 ## Package List: * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rust1.70-debuginfo-1.70.0-150400.9.3.1 * cargo-1.70.0-150400.24.18.1 * cargo1.70-debuginfo-1.70.0-150400.9.3.1 * cargo1.70-1.70.0-150400.9.3.1 * rust-1.70.0-150400.24.18.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.70-1.70.0-150400.9.3.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rust1.70-debuginfo-1.70.0-150400.9.3.1 * cargo-1.70.0-150400.24.18.1 * cargo1.70-debuginfo-1.70.0-150400.9.3.1 * cargo1.70-1.70.0-150400.9.3.1 * rust-1.70.0-150400.24.18.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.70-1.70.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rust1.70-debuginfo-1.70.0-150400.9.3.1 * cargo-1.70.0-150400.24.18.1 * cargo1.70-debuginfo-1.70.0-150400.9.3.1 * cargo1.70-1.70.0-150400.9.3.1 * rust-1.70.0-150400.24.18.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.70-1.70.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.70-1.70.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rust1.70-debuginfo-1.70.0-150400.9.3.1 * cargo-1.70.0-150400.24.18.1 * cargo1.70-debuginfo-1.70.0-150400.9.3.1 * cargo1.70-1.70.0-150400.9.3.1 * rust-1.70.0-150400.24.18.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 20:30:06 -0000 Subject: SUSE-RU-2023:2558-1: moderate: Recommended update for virt-manager Message-ID: <168729300654.16806.12307245392384716477@smelt2.suse.de> # Recommended update for virt-manager Announcement ID: SUSE-RU-2023:2558-1 Rating: moderate References: * #1197945 * #1197947 * #1198041 * #1201748 * #1203252 * #1207070 * #1209800 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has seven recommended fixes can now be installed. ## Description: This update for virt-manager fixes the following issues: * virt-install --graphics vnc fails with not support for video model 'virtio' (bsc#1201748) * Language file fixes (bsc#1209800, bsc#1197945, bsc#1197947, bsc#1198041) * libvirt fails to start the guest once the new shared disk is added (bsc#1207070) * Replace downstream patch with upstream version (bsc#1203252) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2558=1 openSUSE-SLE-15.5-2023-2558=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2558=1 ## Package List: * openSUSE Leap 15.5 (noarch) * virt-manager-common-4.1.0-150500.3.3.1 * virt-install-4.1.0-150500.3.3.1 * virt-manager-4.1.0-150500.3.3.1 * Server Applications Module 15-SP5 (noarch) * virt-manager-common-4.1.0-150500.3.3.1 * virt-install-4.1.0-150500.3.3.1 * virt-manager-4.1.0-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1197945 * https://bugzilla.suse.com/show_bug.cgi?id=1197947 * https://bugzilla.suse.com/show_bug.cgi?id=1198041 * https://bugzilla.suse.com/show_bug.cgi?id=1201748 * https://bugzilla.suse.com/show_bug.cgi?id=1203252 * https://bugzilla.suse.com/show_bug.cgi?id=1207070 * https://bugzilla.suse.com/show_bug.cgi?id=1209800 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 20 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 20 Jun 2023 20:30:08 -0000 Subject: SUSE-RU-2023:2557-1: moderate: Recommended update for suseconnect-ng Message-ID: <168729300812.16806.7498695692572509339@smelt2.suse.de> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:2557-1 Rating: moderate References: * #1211588 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.1.0~git2.f42b4b2a060e: * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2557=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2557=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libsuseconnect-debuginfo-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * libsuseconnect-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ng-debuginfo-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ruby-bindings-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libsuseconnect-debuginfo-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * libsuseconnect-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ng-debuginfo-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ruby-bindings-1.1.0~git2.f42b4b2a060e-150500.3.3.1 * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150500.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 07:14:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 09:14:53 +0200 (CEST) Subject: SUSE-CU-2023:2034-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230621071453.80FE2F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2034-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.153 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.153 Severity : moderate Type : recommended References : 1191112 1198097 1199020 1202234 1209565 1210591 1211354 1212187 1212189 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) The following package changes have been done: - libsolv-tools-0.7.24-150400.3.8.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.13-150400.3.32.1 updated - container:sles15-image-15.0.0-27.14.69 updated From sle-updates at lists.suse.com Wed Jun 21 07:15:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 09:15:16 +0200 (CEST) Subject: SUSE-CU-2023:2035-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230621071516.EA506F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2035-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.50 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.50 Severity : moderate Type : recommended References : 1191112 1198097 1199020 1202234 1209565 1210591 1211354 1212187 1212189 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) The following package changes have been done: - libsolv-tools-0.7.24-150400.3.8.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libzypp-17.31.13-150400.3.32.1 updated - container:sles15-image-15.0.0-27.14.69 updated From sle-updates at lists.suse.com Wed Jun 21 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 08:30:02 -0000 Subject: SUSE-SU-2023:2322-2: important: Security update for terraform-provider-helm Message-ID: <168733620274.21917.10566537139735959572@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:2322-2 Rating: important References: * #1200441 Affected Products: * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2322=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2322=1 ## Package List: * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:30:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:30:38 -0000 Subject: SUSE-SU-2023:2581-1: moderate: Security update for salt Message-ID: <168735063846.19377.13718374635890108065@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:2581-1 Rating: moderate References: * #1207071 * #1209233 * #1211612 * #1211754 * #1212516 * #1212517 Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that contains two features and has six fixes can now be installed. ## Description: This update for salt fixes the following issues: * Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) * Create new salt-tests subpackage containing Salt tests * Drop conflictive patch dicarded from upstream * Fix package build with old setuptools versions * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2581=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2581=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2581=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2581=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2581=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2581=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2581=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2581=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2581=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2581=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2581=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2581=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Manager Proxy 4.2 (x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Manager Proxy 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Manager Server 4.2 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * salt-transactional-update-3006.0-150300.53.50.2 * SUSE Enterprise Storage 7.1 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * salt-minion-3006.0-150300.53.50.2 * salt-transactional-update-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * salt-minion-3006.0-150300.53.50.2 * salt-transactional-update-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * salt-minion-3006.0-150300.53.50.2 * salt-transactional-update-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150300.53.50.2 * salt-doc-3006.0-150300.53.50.2 * salt-minion-3006.0-150300.53.50.2 * python3-salt-3006.0-150300.53.50.2 * salt-3006.0-150300.53.50.2 * salt-ssh-3006.0-150300.53.50.2 * salt-syndic-3006.0-150300.53.50.2 * salt-proxy-3006.0-150300.53.50.2 * salt-api-3006.0-150300.53.50.2 * salt-standalone-formulas-configuration-3006.0-150300.53.50.2 * salt-cloud-3006.0-150300.53.50.2 * salt-transactional-update-3006.0-150300.53.50.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * salt-fish-completion-3006.0-150300.53.50.2 * salt-zsh-completion-3006.0-150300.53.50.2 * salt-bash-completion-3006.0-150300.53.50.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-4361 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:30:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:30:41 -0000 Subject: SUSE-RU-202305:15219-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <168735064111.19377.318756972665403205@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202305:15219-1 Rating: moderate References: * #1207830 * #1208719 * #1210458 Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that contains one feature and has three recommended fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202305-15219=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (all) * spacecmd-4.3.21-2.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://jira.suse.com/browse/MSQA-666 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:30:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:30:50 -0000 Subject: SUSE-SU-2023:2579-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <168735065048.19377.14037688995167682376@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2579-1 Rating: moderate References: * #1047218 * #1192154 * #1192696 * #1200480 * #1201535 * #1201539 * #1203185 * #1203596 * #1203597 * #1203599 * #1204501 * #1207830 * #1208719 * #1208965 * #1209645 * #1210458 * #1210907 Cross-References: * CVE-2020-7753 * CVE-2021-3807 * CVE-2021-3918 * CVE-2021-43138 * CVE-2022-0155 * CVE-2022-27191 * CVE-2022-27664 * CVE-2022-31097 * CVE-2022-31107 * CVE-2022-32149 * CVE-2022-35957 * CVE-2022-36062 * CVE-2022-41715 * CVE-2022-46146 * CVE-2023-1387 * CVE-2023-1410 CVSS scores: * CVE-2020-7753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3918 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-43138 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43138 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-0155 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-31097 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2022-31097 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N * CVE-2022-31107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2022-31107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-32149 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-35957 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-35957 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36062 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2022-36062 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1387 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1387 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * SUSE Linux Enterprise Desktop 12 * SUSE Linux Enterprise Desktop 12 SP1 * SUSE Linux Enterprise Desktop 12 SP2 * SUSE Linux Enterprise Desktop 12 SP3 * SUSE Linux Enterprise Desktop 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 * SUSE Manager Client Tools for SLE 12 An update that solves 16 vulnerabilities, contains four features and has one fix can now be installed. ## Description: This update fixes the following issues: grafana: * Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: * CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) * CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) * CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) * CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) * CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) * CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) * CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) * CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) * CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) * CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) * CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) * CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: * Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. * Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. * Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. * The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` * The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. * Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. * Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. * The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` * Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. * If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana * In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). * As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). * In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. * Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. * Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. * Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. * grafana/ui: Button now specifies a default type="button". The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />` * The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` * `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. * Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data * Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. * The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. * In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. * Deprecations: * The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. * Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. * Chore: Remove deprecated DataSourceAPI methods. * Data: Remove deprecated types and functions from valueMappings. * Elasticsearch: Remove browser access mode. * Elasticsearch: Remove support for versions after their end of the life (<7.10.0). * Explore: Remove support for legacy, compact format URLs. * Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. * `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: * User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: * AccessoryButton * EditorFieldGroup * EditorHeader * EditorField * EditorRow * EditorList * EditorRows * EditorSwitch * FlexItem * Stack * InlineSelect * InputGroup * Space * Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. * Logger: Enable new logging format by default. * Loki: Enable new visual query builder by default. * Plugins: Remove plugin list panel. * Install wrapper scripts under /usr/sbin * Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) * Chore: Upgrade typescript to 4.6.4. mgr-daemon: * Version 4.3.7-1 * Update translation strings spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) uyuni-common-libs: * Version 4.3.8-1 * Allow default component for context manager zypp-plugin-spacewalk: * 1.0.14 * SPEC file cleanup ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 12 zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-2579=1 ## Package List: * SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64) * grafana-9.5.1-1.48.1 * python2-uyuni-common-libs-4.3.8-1.33.1 * SUSE Manager Client Tools for SLE 12 (noarch) * spacecmd-4.3.21-38.121.1 * mgr-daemon-4.3.7-1.41.1 * zypp-plugin-spacewalk-1.0.14-30.42.1 * python2-zypp-plugin-spacewalk-1.0.14-30.42.1 ## References: * https://www.suse.com/security/cve/CVE-2020-7753.html * https://www.suse.com/security/cve/CVE-2021-3807.html * https://www.suse.com/security/cve/CVE-2021-3918.html * https://www.suse.com/security/cve/CVE-2021-43138.html * https://www.suse.com/security/cve/CVE-2022-0155.html * https://www.suse.com/security/cve/CVE-2022-27191.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-31097.html * https://www.suse.com/security/cve/CVE-2022-31107.html * https://www.suse.com/security/cve/CVE-2022-32149.html * https://www.suse.com/security/cve/CVE-2022-35957.html * https://www.suse.com/security/cve/CVE-2022-36062.html * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://www.suse.com/security/cve/CVE-2023-1387.html * https://www.suse.com/security/cve/CVE-2023-1410.html * https://bugzilla.suse.com/show_bug.cgi?id=1047218 * https://bugzilla.suse.com/show_bug.cgi?id=1192154 * https://bugzilla.suse.com/show_bug.cgi?id=1192696 * https://bugzilla.suse.com/show_bug.cgi?id=1200480 * https://bugzilla.suse.com/show_bug.cgi?id=1201535 * https://bugzilla.suse.com/show_bug.cgi?id=1201539 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1203596 * https://bugzilla.suse.com/show_bug.cgi?id=1203597 * https://bugzilla.suse.com/show_bug.cgi?id=1203599 * https://bugzilla.suse.com/show_bug.cgi?id=1204501 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1208965 * https://bugzilla.suse.com/show_bug.cgi?id=1209645 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1210907 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3576 * https://jira.suse.com/browse/PED-3578 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:30:58 -0000 Subject: SUSE-SU-2023:2578-1: important: Security update for SUSE Manager Client Tools Message-ID: <168735065850.19377.14419810484541076856@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2578-1 Rating: important References: * #1192154 * #1192696 * #1200480 * #1201535 * #1201539 * #1203185 * #1203596 * #1203597 * #1203599 * #1204501 * #1207830 * #1208719 * #1209645 * #1210458 * #1210640 * #1210907 Cross-References: * CVE-2020-7753 * CVE-2021-3807 * CVE-2021-3918 * CVE-2021-43138 * CVE-2022-0155 * CVE-2022-27664 * CVE-2022-31097 * CVE-2022-31107 * CVE-2022-32149 * CVE-2022-35957 * CVE-2022-36062 * CVE-2022-41715 * CVE-2022-46146 * CVE-2023-1387 * CVE-2023-1410 CVSS scores: * CVE-2020-7753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3918 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-43138 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43138 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-0155 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-31097 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2022-31097 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N * CVE-2022-31107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2022-31107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-32149 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-35957 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-35957 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36062 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2022-36062 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1387 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1387 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 An update that solves 15 vulnerabilities, contains three features and has one fix can now be installed. ## Description: This update fixes the following issues: bind: * Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro * There are no source changes dracut-saltboot: * Update to version 0.1.1681904360.84ef141 * Load network configuration even when missing protocol version (bsc#1210640) grafana: * Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: * CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) * CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) * CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) * CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) * CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) * CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) * CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) * CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) * CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) * CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) * CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) * CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: * Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. * Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. * Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. * The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` * The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. * Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. * Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. * The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` * Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. * If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana * In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). * As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). * In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. * Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. * Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. * Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. * grafana/ui: Button now specifies a default type="button". The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />` * The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` * `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. * Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data * Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. * The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. * In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. * Deprecations: * The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. * Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. * Chore: Remove deprecated DataSourceAPI methods. * Data: Remove deprecated types and functions from valueMappings. * Elasticsearch: Remove browser access mode. * Elasticsearch: Remove support for versions after their end of the life (<7.10.0). * Explore: Remove support for legacy, compact format URLs. * Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. * `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: * User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: * AccessoryButton * EditorFieldGroup * EditorHeader * EditorField * EditorRow * EditorList * EditorRows * EditorSwitch * FlexItem * Stack * InlineSelect * InputGroup * Space * Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. * Logger: Enable new logging format by default. * Loki: Enable new visual query builder by default. * Plugins: Remove plugin list panel. * Install wrapper scripts under /usr/sbin * Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) * Chore: Upgrade typescript to 4.6.4. mgr-daemon: * Version 4.3.7-1 * Update translation strings spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) uyuni-common-libs: * Version 4.3.8-1 * Allow default component for context manager zypp-plugin-spacewalk: * 1.0.14 * SPEC cleanup ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2578=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2578=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2578=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2578=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2578=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2578=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2578=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2578=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2578=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2578=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2578=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2578=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2578=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * openSUSE Leap 15.4 (x86_64) * libisccfg1600-32bit-debuginfo-9.16.6-150000.12.65.1 * libisc1606-32bit-9.16.6-150000.12.65.1 * libbind9-1600-32bit-debuginfo-9.16.6-150000.12.65.1 * libisc1606-32bit-debuginfo-9.16.6-150000.12.65.1 * libirs1601-32bit-9.16.6-150000.12.65.1 * libisccc1600-32bit-9.16.6-150000.12.65.1 * libbind9-1600-32bit-9.16.6-150000.12.65.1 * libisccfg1600-32bit-9.16.6-150000.12.65.1 * libdns1605-32bit-9.16.6-150000.12.65.1 * libns1604-32bit-debuginfo-9.16.6-150000.12.65.1 * libirs1601-32bit-debuginfo-9.16.6-150000.12.65.1 * libns1604-32bit-9.16.6-150000.12.65.1 * libdns1605-32bit-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-32bit-debuginfo-9.16.6-150000.12.65.1 * bind-devel-32bit-9.16.6-150000.12.65.1 * openSUSE Leap 15.4 (noarch) * dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1 * spacecmd-4.3.21-150000.3.98.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * wire-0.5.0-150000.1.12.3 * wire-debuginfo-0.5.0-150000.1.12.3 * openSUSE Leap 15.5 (noarch) * dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1 * spacecmd-4.3.21-150000.3.98.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * wire-0.5.0-150000.1.12.3 * wire-debuginfo-0.5.0-150000.1.12.3 * SUSE Manager Client Tools for SLE 15 (noarch) * spacecmd-4.3.21-150000.3.98.1 * dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1 * python3-zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * mgr-daemon-4.3.7-150000.1.41.1 * zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * grafana-9.5.1-150000.1.48.5 * python3-uyuni-common-libs-4.3.8-150000.1.33.1 * grafana-debuginfo-9.5.1-150000.1.48.5 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * libirs1601-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * SUSE Manager Client Tools for SLE Micro 5 (noarch) * python3-bind-9.16.6-150000.12.65.1 * dracut-saltboot-0.1.1681904360.84ef141-150000.1.50.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64_ilp32) * libisccc1600-64bit-9.16.6-150000.12.65.1 * libdns1605-64bit-9.16.6-150000.12.65.1 * libbind9-1600-64bit-9.16.6-150000.12.65.1 * libirs1601-64bit-9.16.6-150000.12.65.1 * libisccfg1600-64bit-9.16.6-150000.12.65.1 * libisc1606-64bit-9.16.6-150000.12.65.1 * SUSE Manager Client Tools for SLE Micro 5 (s390x x86_64) * libns1604-9.16.6-150000.12.65.1 * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * python3-zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * python3-zypp-plugin-spacewalk-1.0.14-150000.3.35.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE Enterprise Storage 7 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 * SUSE CaaS Platform 4.0 (x86_64) * bind-debuginfo-9.16.6-150000.12.65.1 * libirs1601-9.16.6-150000.12.65.1 * bind-utils-debuginfo-9.16.6-150000.12.65.1 * libisccfg1600-9.16.6-150000.12.65.1 * bind-9.16.6-150000.12.65.1 * bind-devel-9.16.6-150000.12.65.1 * libisc1606-debuginfo-9.16.6-150000.12.65.1 * libbind9-1600-debuginfo-9.16.6-150000.12.65.1 * libns1604-debuginfo-9.16.6-150000.12.65.1 * libdns1605-debuginfo-9.16.6-150000.12.65.1 * libirs1601-debuginfo-9.16.6-150000.12.65.1 * bind-debugsource-9.16.6-150000.12.65.1 * bind-chrootenv-9.16.6-150000.12.65.1 * libirs-devel-9.16.6-150000.12.65.1 * libbind9-1600-9.16.6-150000.12.65.1 * libisccfg1600-debuginfo-9.16.6-150000.12.65.1 * libisc1606-9.16.6-150000.12.65.1 * libns1604-9.16.6-150000.12.65.1 * libdns1605-9.16.6-150000.12.65.1 * bind-utils-9.16.6-150000.12.65.1 * libisccc1600-debuginfo-9.16.6-150000.12.65.1 * libisccc1600-9.16.6-150000.12.65.1 * SUSE CaaS Platform 4.0 (noarch) * python3-bind-9.16.6-150000.12.65.1 * bind-doc-9.16.6-150000.12.65.1 ## References: * https://www.suse.com/security/cve/CVE-2020-7753.html * https://www.suse.com/security/cve/CVE-2021-3807.html * https://www.suse.com/security/cve/CVE-2021-3918.html * https://www.suse.com/security/cve/CVE-2021-43138.html * https://www.suse.com/security/cve/CVE-2022-0155.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-31097.html * https://www.suse.com/security/cve/CVE-2022-31107.html * https://www.suse.com/security/cve/CVE-2022-32149.html * https://www.suse.com/security/cve/CVE-2022-35957.html * https://www.suse.com/security/cve/CVE-2022-36062.html * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://www.suse.com/security/cve/CVE-2023-1387.html * https://www.suse.com/security/cve/CVE-2023-1410.html * https://bugzilla.suse.com/show_bug.cgi?id=1192154 * https://bugzilla.suse.com/show_bug.cgi?id=1192696 * https://bugzilla.suse.com/show_bug.cgi?id=1200480 * https://bugzilla.suse.com/show_bug.cgi?id=1201535 * https://bugzilla.suse.com/show_bug.cgi?id=1201539 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1203596 * https://bugzilla.suse.com/show_bug.cgi?id=1203597 * https://bugzilla.suse.com/show_bug.cgi?id=1203599 * https://bugzilla.suse.com/show_bug.cgi?id=1204501 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1209645 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1210640 * https://bugzilla.suse.com/show_bug.cgi?id=1210907 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3576 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:02 -0000 Subject: SUSE-RU-202305:15217-1: important: Recommended update for SUSE Manager Salt Bundle Message-ID: <168735066231.19377.10666066797073884558@smelt2.suse.de> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-202305:15217-1 Rating: important References: * #1207071 * #1209233 * #1211612 Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Create new salt-tests subpackage containing Salt tests * Fix SLS rendering error when Jinja macros are used * Fix to avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202305-15217=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (amd64) * venv-salt-minion-3006.0-2.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:08 -0000 Subject: SUSE-SU-2023:2575-1: important: Security update for SUSE Manager Client Tools Message-ID: <168735066828.19377.6588233380774683411@smelt2.suse.de> # Security update for SUSE Manager Client Tools Announcement ID: SUSE-SU-2023:2575-1 Rating: important References: * #1192154 * #1192696 * #1200480 * #1201535 * #1201539 * #1203185 * #1203596 * #1203597 * #1204501 * #1209645 * #1210907 Cross-References: * CVE-2020-7753 * CVE-2021-3807 * CVE-2021-3918 * CVE-2021-43138 * CVE-2022-0155 * CVE-2022-27664 * CVE-2022-31097 * CVE-2022-31107 * CVE-2022-32149 * CVE-2022-35957 * CVE-2022-36062 * CVE-2023-1387 * CVE-2023-1410 CVSS scores: * CVE-2020-7753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-3918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-3918 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2021-43138 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2021-43138 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2022-0155 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N * CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-31097 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2022-31097 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N * CVE-2022-31107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2022-31107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-32149 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-32149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-35957 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-35957 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36062 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2022-36062 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2023-1387 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1387 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N * CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N * CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves 13 vulnerabilities and contains two features can now be installed. ## Description: This update fixes the following issues: grafana: * Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: * CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) * CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) * CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) * CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) * CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) * CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) * CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) * CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) * CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor * CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) * CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) * CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) * CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: * Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. * Grafana Alerting rules with NoDataState configuration set to Alerting will now respect "For" duration. * Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. * The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` * The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. * Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. * Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. * The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` * Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. * If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana * In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). * As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). * In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. * Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. * Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. * Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. * grafana/ui: Button now specifies a default type="button". The `Button` component provided by @grafana/ui now specifies a default `type="button"` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `<form>` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `<Button type="submit" />` * The `Rename by regex` transformation has been improved to allow global patterns of the form `/<stringToReplace>/g`. Depending on the regex match used, this may cause some transformations to behave slightly differently. You can guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would become `/(.*)/` * `<Select />` menus will now portal to the document body by default. This is to give more consistent behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}` this will continue to prevent the menu from portalling. * Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now expects the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data source numeric identifier. * Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect the data source UID as a path parameter instead of the data * Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect the data source UID as a path parameter instead of the data source numeric identifier. * The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with `error` and `debug`. The precision of timestamps has been increased. To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle `oldlog`. This option will be removed in a future minor release. * In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more efficient format. The query-result is represented by a single dataframe with a "labels" column, instead of the separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or Transforms were used, adjustments may be necessary. For example, if you used the "labels to fields" transformation with the logs data, please switch to the "extract fields" transformation. * Deprecations: * The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use the `go_sql_stats_*` metrics instead. * Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when navigating to Explore using the deprecated format the URLs are automatically converted. If you have existing links pointing to Explore update them using the format generated by Explore upon navigation. You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as an array of strings, for example `&left=["now-1h","now"...]`. The standard explore URLs follow a key/value pattern, for example `&left={"datasource":"test"...}`. Please be sure to check your dashboards for any hardcoded links to Explore and update them to the standard URL pattern. * Chore: Remove deprecated DataSourceAPI methods. * Data: Remove deprecated types and functions from valueMappings. * Elasticsearch: Remove browser access mode. * Elasticsearch: Remove support for versions after their end of the life (<7.10.0). * Explore: Remove support for legacy, compact format URLs. * Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels. * `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will be removed in a future release. If you need to set a different query editor for Explore, conditionally render based on `props.app` in your regular query editor. * Changes: * User: Fix externalUserId not being populated. If you used any of these components please use them from grafana/experimental from now on: * AccessoryButton * EditorFieldGroup * EditorHeader * EditorField * EditorRow * EditorList * EditorRows * EditorSwitch * FlexItem * Stack * InlineSelect * InputGroup * Space * Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding `?__feature.useLegacyHeatmapPanel=true` to any dashboard URL. * Logger: Enable new logging format by default. * Loki: Enable new visual query builder by default. * Plugins: Remove plugin list panel. * Install wrapper scripts under /usr/sbin * Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin) * Chore: Upgrade typescript to 4.6.4. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2575=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2575=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2575=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2575=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.1-150200.3.41.3 * grafana-9.5.1-150200.3.41.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.1-150200.3.41.3 * grafana-9.5.1-150200.3.41.3 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.1-150200.3.41.3 * grafana-9.5.1-150200.3.41.3 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * grafana-debuginfo-9.5.1-150200.3.41.3 * grafana-9.5.1-150200.3.41.3 ## References: * https://www.suse.com/security/cve/CVE-2020-7753.html * https://www.suse.com/security/cve/CVE-2021-3807.html * https://www.suse.com/security/cve/CVE-2021-3918.html * https://www.suse.com/security/cve/CVE-2021-43138.html * https://www.suse.com/security/cve/CVE-2022-0155.html * https://www.suse.com/security/cve/CVE-2022-27664.html * https://www.suse.com/security/cve/CVE-2022-31097.html * https://www.suse.com/security/cve/CVE-2022-31107.html * https://www.suse.com/security/cve/CVE-2022-32149.html * https://www.suse.com/security/cve/CVE-2022-35957.html * https://www.suse.com/security/cve/CVE-2022-36062.html * https://www.suse.com/security/cve/CVE-2023-1387.html * https://www.suse.com/security/cve/CVE-2023-1410.html * https://bugzilla.suse.com/show_bug.cgi?id=1192154 * https://bugzilla.suse.com/show_bug.cgi?id=1192696 * https://bugzilla.suse.com/show_bug.cgi?id=1200480 * https://bugzilla.suse.com/show_bug.cgi?id=1201535 * https://bugzilla.suse.com/show_bug.cgi?id=1201539 * https://bugzilla.suse.com/show_bug.cgi?id=1203185 * https://bugzilla.suse.com/show_bug.cgi?id=1203596 * https://bugzilla.suse.com/show_bug.cgi?id=1203597 * https://bugzilla.suse.com/show_bug.cgi?id=1204501 * https://bugzilla.suse.com/show_bug.cgi?id=1209645 * https://bugzilla.suse.com/show_bug.cgi?id=1210907 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3694 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:12 -0000 Subject: SUSE-RU-202305:15216-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <168735067295.19377.3789606819222608087@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202305:15216-1 Rating: moderate References: * #1207071 * #1207830 * #1208719 * #1209233 * #1210458 * #1211612 Affected Products: * SUSE Manager Client Tools for Ubuntu 20.04 2004 An update that contains two features and has six recommended fixes can now be installed. ## Description: This update fixes the following issues: salt: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) python-looseversion: * Provide python-looseversion as new salt dependency ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 20.04 2004 zypper in -t patch suse-ubu204ct-client-tools-202305-15216=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 20.04 2004 (all) * python3-looseversion-1.0.2-1 * salt-common-3006.0+ds-1+2.101.1 * salt-minion-3006.0+ds-1+2.101.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:15 -0000 Subject: SUSE-RU-2023:2573-1: moderate: Recommended update for SUSE Manager Salt Bundle Message-ID: <168735067554.19377.2811701521000191522@smelt2.suse.de> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:2573-1 Rating: moderate References: * #1207071 * #1209233 * #1211612 * #1211754 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.0 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Client Tools for SLE Micro 5 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that contains two features and has four recommended fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) * Fix to avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) * Fix SLS rendering error when Jinja macros are used ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2573=1 * SUSE Manager Client Tools for SLE Micro 5 zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-2573=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2573=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2573=1 ## Package List: * SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.32.1 * SUSE Manager Client Tools for SLE Micro 5 (aarch64 s390x x86_64) * venv-salt-minion-3006.0-150000.3.32.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.32.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-150000.3.32.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:18 -0000 Subject: SUSE-SU-2023:2572-1: moderate: Security update for salt Message-ID: <168735067844.19377.11972133620394990081@smelt2.suse.de> # Security update for salt Announcement ID: SUSE-SU-2023:2572-1 Rating: moderate References: * #1207071 * #1209233 * #1211612 * #1211754 * #1212516 * #1212517 Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that contains two features and has six fixes can now be installed. ## Description: This update for salt fixes the following issues: * Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) * Create new salt-tests subpackage containing Salt tests * Drop conflictive patch dicarded from upstream * Fix package build with old setuptools versions * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2572=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2572=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2572=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2572=1 ## Package List: * SUSE Enterprise Storage 7 (aarch64 x86_64) * salt-master-3006.0-150200.98.2 * salt-3006.0-150200.98.2 * salt-transactional-update-3006.0-150200.98.2 * salt-standalone-formulas-configuration-3006.0-150200.98.2 * salt-doc-3006.0-150200.98.2 * salt-minion-3006.0-150200.98.2 * salt-proxy-3006.0-150200.98.2 * salt-api-3006.0-150200.98.2 * salt-ssh-3006.0-150200.98.2 * salt-syndic-3006.0-150200.98.2 * salt-cloud-3006.0-150200.98.2 * python3-salt-3006.0-150200.98.2 * SUSE Enterprise Storage 7 (noarch) * salt-fish-completion-3006.0-150200.98.2 * salt-bash-completion-3006.0-150200.98.2 * salt-zsh-completion-3006.0-150200.98.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * salt-master-3006.0-150200.98.2 * salt-3006.0-150200.98.2 * salt-standalone-formulas-configuration-3006.0-150200.98.2 * salt-doc-3006.0-150200.98.2 * salt-minion-3006.0-150200.98.2 * salt-proxy-3006.0-150200.98.2 * salt-api-3006.0-150200.98.2 * salt-ssh-3006.0-150200.98.2 * salt-syndic-3006.0-150200.98.2 * salt-cloud-3006.0-150200.98.2 * python3-salt-3006.0-150200.98.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * salt-fish-completion-3006.0-150200.98.2 * salt-bash-completion-3006.0-150200.98.2 * salt-zsh-completion-3006.0-150200.98.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * salt-master-3006.0-150200.98.2 * salt-3006.0-150200.98.2 * salt-transactional-update-3006.0-150200.98.2 * salt-standalone-formulas-configuration-3006.0-150200.98.2 * salt-doc-3006.0-150200.98.2 * salt-minion-3006.0-150200.98.2 * salt-proxy-3006.0-150200.98.2 * salt-api-3006.0-150200.98.2 * salt-ssh-3006.0-150200.98.2 * salt-syndic-3006.0-150200.98.2 * salt-cloud-3006.0-150200.98.2 * python3-salt-3006.0-150200.98.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * salt-fish-completion-3006.0-150200.98.2 * salt-bash-completion-3006.0-150200.98.2 * salt-zsh-completion-3006.0-150200.98.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * salt-master-3006.0-150200.98.2 * salt-3006.0-150200.98.2 * salt-transactional-update-3006.0-150200.98.2 * salt-standalone-formulas-configuration-3006.0-150200.98.2 * salt-doc-3006.0-150200.98.2 * salt-minion-3006.0-150200.98.2 * salt-proxy-3006.0-150200.98.2 * salt-api-3006.0-150200.98.2 * salt-ssh-3006.0-150200.98.2 * salt-syndic-3006.0-150200.98.2 * salt-cloud-3006.0-150200.98.2 * python3-salt-3006.0-150200.98.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * salt-fish-completion-3006.0-150200.98.2 * salt-bash-completion-3006.0-150200.98.2 * salt-zsh-completion-3006.0-150200.98.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-4361 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:22 -0000 Subject: SUSE-SU-2023:2571-1: moderate: Security update for Salt Message-ID: <168735068266.19377.271318361061567592@smelt2.suse.de> # Security update for Salt Announcement ID: SUSE-SU-2023:2571-1 Rating: moderate References: * #1207071 * #1209233 * #1211612 * #1211754 * #1212516 * #1212517 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * Server Applications Module 15-SP4 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 * Transactional Server Module 15-SP4 An update that contains two features and has six fixes can now be installed. ## Description: This update for salt fixes the following issues: salt: * Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) * Create new salt-tests subpackage containing Salt tests * Drop conflictive patch dicarded from upstream * Fix package build with old setuptools versions * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) * Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: * Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: * Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2571=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2571=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2571=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2571=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2571=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2571=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2571=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2571=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2571=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2571=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2571=1 * Transactional Server Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP4-2023-2571=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2571=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2571=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2571=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2571=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2571=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2571=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2571=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2571=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2571=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2571=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2571=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2571=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2571=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2571=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2571=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2571=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2571=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2571=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2571=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2571=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python-ply-doc-3.10-150000.3.3.4 * salt-bash-completion-3006.0-150400.8.34.2 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * salt-fish-completion-3006.0-150400.8.34.2 * salt-zsh-completion-3006.0-150400.8.34.2 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * salt-doc-3006.0-150400.8.34.2 * salt-standalone-formulas-configuration-3006.0-150400.8.34.2 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-cloud-3006.0-150400.8.34.2 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-api-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * salt-syndic-3006.0-150400.8.34.2 * salt-transactional-update-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * salt-master-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * salt-proxy-3006.0-150400.8.34.2 * salt-ssh-3006.0-150400.8.34.2 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * openSUSE Leap 15.5 (noarch) * python-ply-doc-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-transactional-update-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-transactional-update-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro 5.3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-transactional-update-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-transactional-update-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro 5.4 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-doc-3006.0-150400.8.34.2 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * Basesystem Module 15-SP4 (noarch) * salt-zsh-completion-3006.0-150400.8.34.2 * salt-bash-completion-3006.0-150400.8.34.2 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * Basesystem Module 15-SP5 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Package Hub 15 15-SP4 (noarch) * python2-jmespath-0.9.3-150000.3.3.4 * SUSE Package Hub 15 15-SP5 (noarch) * python2-jmespath-0.9.3-150000.3.3.4 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-standalone-formulas-configuration-3006.0-150400.8.34.2 * salt-cloud-3006.0-150400.8.34.2 * salt-syndic-3006.0-150400.8.34.2 * salt-master-3006.0-150400.8.34.2 * salt-proxy-3006.0-150400.8.34.2 * salt-ssh-3006.0-150400.8.34.2 * salt-api-3006.0-150400.8.34.2 * Server Applications Module 15-SP4 (noarch) * salt-fish-completion-3006.0-150400.8.34.2 * Transactional Server Module 15-SP4 (aarch64 ppc64le s390x x86_64) * salt-transactional-update-3006.0-150400.8.34.2 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Manager Proxy 4.2 (x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Manager Proxy 4.2 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Manager Retail Branch Server 4.2 (x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Manager Retail Branch Server 4.2 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * python2-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python2-simplejson-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * SUSE Manager Server 4.2 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Enterprise Storage 7.1 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Enterprise Storage 7 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE CaaS Platform 4.0 (noarch) * python2-ply-3.10-150000.3.3.4 * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro 5.1 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro 5.1 (s390x x86_64) * python3-simplejson-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro 5.2 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * python-simplejson-debuginfo-3.17.2-150300.3.2.3 * python3-simplejson-debuginfo-3.17.2-150300.3.2.3 * salt-transactional-update-3006.0-150400.8.34.2 * salt-3006.0-150400.8.34.2 * python3-salt-3006.0-150400.8.34.2 * salt-minion-3006.0-150400.8.34.2 * python3-simplejson-3.17.2-150300.3.2.3 * python-simplejson-debugsource-3.17.2-150300.3.2.3 * openSUSE Leap Micro 5.3 (noarch) * python3-jmespath-0.9.3-150000.3.3.4 * python3-ply-3.10-150000.3.3.4 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://bugzilla.suse.com/show_bug.cgi?id=1211754 * https://bugzilla.suse.com/show_bug.cgi?id=1212516 * https://bugzilla.suse.com/show_bug.cgi?id=1212517 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-4361 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:26 -0000 Subject: SUSE-RU-202305:15214-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <168735068601.19377.11534020378994307038@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-202305:15214-1 Rating: moderate References: * #1207071 * #1207830 * #1208719 * #1209233 * #1210458 * #1211612 Affected Products: * SUSE Manager Client Tools for Ubuntu 18.04 1804 An update that contains two features and has six recommended fixes can now be installed. ## Description: This update fixes the following issues: salt: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add missing patch after rebase to fix collections Mapping issues * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Create new salt-tests subpackage containing Salt tests * Drop conflictive patch dicarded from upstream * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) python-looseversion: * Provide python-looseversion as new salt dependency python3-jmespath: * Provide python3-jmespath as new salt dependency python3-packaging: * Provide python3-packaging as new salt dependency ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 18.04 1804 zypper in -t patch suse-ubu184ct-client-tools-202305-15214=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 18.04 1804 (all) * python3-looseversion-1.0.2-1 * python3-packaging-17.1-1 * salt-minion-3006.0+ds-1+141.1 * spacecmd-4.3.21-65.4 * salt-common-3006.0+ds-1+141.1 * python3-jmespath-0.9.3-1ubuntu1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:29 -0000 Subject: SUSE-RU-2023:2568-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <168735068925.19377.17948277936493285242@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:2568-1 Rating: moderate References: * #1207071 * #1207830 * #1208719 * #1209233 * #1210458 * #1211612 Affected Products: * SUSE Manager Client Tools for Debian 10 An update that contains two features and has six recommended fixes can now be installed. ## Description: This update fixes the following issues: salt: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix SLS rendering error when Jinja macros are used * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) python-looseversion: * Provide python-looseversion 1.0.2-1 as new salt dependency ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 10 zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2023-2568=1 ## Package List: * SUSE Manager Client Tools for Debian 10 (all) * salt-minion-3006.0+ds-1+2.80.1 * python3-looseversion-1.0.2-1 * salt-common-3006.0+ds-1+2.80.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:31 -0000 Subject: SUSE-RU-2023:2567-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <168735069145.19377.10382917412219476957@smelt2.suse.de> # Recommended update for SUSE Manager Client Tools Announcement ID: SUSE-RU-2023:2567-1 Rating: moderate References: * #1207830 * #1208719 * #1210458 Affected Products: * SUSE Manager Client Tools for Debian 11 An update that contains one feature and has three recommended fixes can now be installed. ## Description: This update fixes the following issues: spacecmd: * Version 4.3.21-1 * fix argument parsing of distribution_update (bsc#1210458) * Version 4.3.20-1 * Display activation key details after executing the corresponding command (bsc#1208719) * Show targetted packages before actually removing them (bsc#1207830) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Debian 11 zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2023-2567=1 ## Package List: * SUSE Manager Client Tools for Debian 11 (all) * spacecmd-4.3.21-2.21.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207830 * https://bugzilla.suse.com/show_bug.cgi?id=1208719 * https://bugzilla.suse.com/show_bug.cgi?id=1210458 * https://jira.suse.com/browse/MSQA-666 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:33 -0000 Subject: SUSE-RU-2023:2565-1: moderate: Recommended update for microos-tools Message-ID: <168735069360.19377.12675793583786636714@smelt2.suse.de> # Recommended update for microos-tools Announcement ID: SUSE-RU-2023:2565-1 Rating: moderate References: * #1205011 * #1211356 Affected Products: * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 An update that has two recommended fixes can now be installed. ## Description: This update for microos-tools fixes the following issues: * Update to version 2.18 * Add TMPDIR to tukit binddirs for Salt (bsc#1211356, bsc#1205011) * 98selinux-microos: Add chroot as dependency * Fix spelling error in warning ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2565=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2565=1 ## Package List: * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * microos-tools-2.18-150300.7.6.1 * microos-tools-debugsource-2.18-150300.7.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * microos-tools-2.18-150300.7.6.1 * microos-tools-debugsource-2.18-150300.7.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205011 * https://bugzilla.suse.com/show_bug.cgi?id=1211356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:35 -0000 Subject: SUSE-SU-2023:2273-2: important: Security update for geoipupdate Message-ID: <168735069555.19377.11275717331110880818@smelt2.suse.de> # Security update for geoipupdate Announcement ID: SUSE-SU-2023:2273-2 Rating: important References: * #1200441 * #1209658 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two fixes can now be installed. ## Description: This update of geoipupdate fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2273=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2273=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * geoipupdate-debuginfo-4.2.2-150000.1.10.1 * geoipupdate-legacy-4.2.2-150000.1.10.1 * geoipupdate-4.2.2-150000.1.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:37 -0000 Subject: SUSE-RU-2023:2301-2: moderate: Recommended update for cosign Message-ID: <168735069729.19377.1392131735718028832@smelt2.suse.de> # Recommended update for cosign Announcement ID: SUSE-RU-2023:2301-2 Rating: moderate References: Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for cosign fixes the following issues: cosign was updated to 2.0.1 (jsc#SLE-23879) * Enhancements * Add environment variable token provider (#2864) * Remove cosign policy command (#2846) * Allow customising 'go' executable with GOEXE var (#2841) * Consistent tlog warnings during verification (#2840) * Add riscv64 arch (#2821) * Default generated PEM labels to SIGSTORE (#2735) * Update privacy statement and confirmation (#2797) * Add exit codes for verify errors (#2766) * Add Buildkite provider (#2779) * verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746) * Bug Fixes * PKCS11 sessions are now opened read only (#2853) * Makefile: date format of log should not show signatures (#2835) * Add missing flags to cosign verify dockerfile/manifest (#2830) * Add a warning to remember how to configure a custom Gitlab host (#2816) * Remove tag warning message from save/copy commands (#2799) * Mark keyless pem files with b64 (#2671) * build against a maintained golang version (upstream uses go1.20) cosign was updated to 2.0.0 (jsc#SLE-23879) * Breaking Changes: * insecure-skip-tlog-verify: rename and adapt the cert expiration check (#2620) * Deprecate --certificate-email flag. Make --certificate-identity and -? (#2411) * Enhancements: * Change go module name to github.com/sigstore/cosign/v2 for Cosign 2.0 (#2544) * Allow users to pass in a path for the --identity-token flag (#2538) * Breaking change: Respect tlog-upload=false, default to true (#2505) * Support outputing a certificate without uploading to the tlog (#2506) * Attestation/Blob signing and verification using a RFC3161 time-stamping server (#2464) * respect tlog-upload flag with TSA (#2474) * Better feedback if specifying incompatible argument on cosign sign --attachment (#2449) * Support TSA and Rekor verifications (#2463) * add support for tsa signing and verification of images (#2460) * cosign policy sign: remove experimental flag and make keyless signing default (#2459) * Remove experimental mode from cosign attest and verify-attestation (#2458) * Remove experimental mode from sign-blob and verify-blob (#2457) * Add --offline flag to force offline verification (#2427) * Air gap support (#2299) * Breaking change: Change SCT verification behavior to default to enforcement (#2400) * Breaking change: remove --force flag from sign and attest and rely on --yes flag to skip confirmation (#2399) * Breaking change: replace --no-tlog-upload flag with --tlog-upload flag (#2397) * Remove experimental flag from cosign sign and cosign verify (#2387) * verify: remove SIGSTORE_TRUST_REKOR_API_PUBLIC_KEY test env var for using a key from rekor's API (#2362) * Add warning to use digest instead of tags to other cosign commands (#2650) * Fix up UI messages (#2629) * Remove hardcoded Fulcio from output (#2621) * Fix missing privacy statement, print in multiple locations (#2622) * feat: allows custom key names for import-key-pair (#2587) * feat: support keyless verification for verify-blob-attestation (#2525) * attest-blob: add functionality for keyless signing (#2515) * Rego: add support for custom error/warning messages when evaluating rego rules (#2577) * feat: add debug information to cert validation error (#2579) * Support non-Sigstore TSA requests (#2708) * Add COSIGN_OCI_EXPERIMENTAL, push .sig/.sbom using OCI 1.1+ digest tag (#2684) * Output certificate in bundle when entry is not uploaded to Rekor (#2715) * attach signature and attach sbom must use STDIN to upload raw string (#2637) * add generate-key-pair GitHub Enterprise server support (#2676) * add in format string for warning (#2699) * Support for fetching Fulcio certs with self-managed key (#2532) * 2476 predicate type download (#2484) * Bug Fixes: * Fix the file existence check. (#2552) * Fix timestamp verification, add verify-blob tests (#2527) * Fix(verify): Consolidate certificate expiry logic (#2504) * Updates to Timestamp signing and verification (#2499) * Fix: removes attestation payload from attest-blob's output & no base64 encoding (#2498) * Fix path for e2e-tests badge (#2490) * Fix spdx json media type (#2479) * Fix sct verificaction (#2426) * Fix: panic with unsigned local image (#2656) * Make sure a cert passed in via --cert matches the bundle cert (#2652) * Fix: fix github oidc post submit test (#2594) * Fix: add enhanced error messages for failing verification with TUF targets (#2589) * Fix: Add missing schemes to cosign predicate types. (#2717) * Fix: Drop the CosignPredicate wrapper around SBOM attestations. (#2718) * Fix prompts with Windows line endings (#2674) cosing was update to 1.13.1: * verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341) * Nits for #2337 (#2342) * Add verify-blob-attestation command and tests (#2337) * Update warning when users sign images by tag. (#2313) * Remove experimental flags from attest-blob and refactor (#2338) * Add --output-attestation flag to attest-blob and remove experimental signing (#2332) * Add attest-blob command (#2286) * Add '\--cert-identity' flag to support subject alternate names for ver? (#2278) * Update Dockerfile section of README (#2323) * Fix option description: "sign" \--> "verify" (#2306) cosign was updated to 1.13.0: * feat: use stdin as an input for predicate by @developer-guy in https://github.com/sigstore/cosign/pull/2269 * feat: improve the verification message by @developer-guy in https://github.com/sigstore/cosign/pull/2268 * use scaffolding 0.4.8 for tests. by @vaikas in https://github.com/sigstore/cosign/pull/2280 * fix pivtool generate key touch policy by @cpanato in https://github.com/sigstore/cosign/pull/2282 * Check error on chain verification failure by @haydentherapper in https://github.com/sigstore/cosign/pull/2284 * Fix: Remove an extra registry request from verification path. by @mattmoor in https://github.com/sigstore/cosign/pull/2285 * Fix: Create a static copy of signatures as part of verification. by @mattmoor in https://github.com/sigstore/cosign/pull/2287 * Data race in FetchSignaturesForReference by @RTann in https://github.com/sigstore/cosign/pull/2283 * Add support for Fulcio username identity in SAN by @haydentherapper in https://github.com/sigstore/cosign/pull/2291 * fix: make tlog entry lookups for online verification shard-aware by @asraa in https://github.com/sigstore/cosign/pull/2297 * Better help text to sign and verify SBOM by @ChristianCiach in https://github.com/sigstore/cosign/pull/2308 * Adding warning to pin to digest by @ChaosInTheCRD in https://github.com/sigstore/cosign/pull/2311 * Add annotations for upload blob. by @cldmnky in https://github.com/sigstore/cosign/pull/2188 * replace deprecate package by @cpanato in https://github.com/sigstore/cosign/pull/2314 * update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in https://github.com/sigstore/cosign/pull/2315 cosign was updated to 1.12.1: * fix: Pulls Fulcio root and intermediate when --certificate-chain is not passed into verify-blob command. The v1.12.0 release introduced a regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would check a --certificate (without a --certificate-chain provided) against the operating system root CA bundle. In this release, Cosign checks the certificate against Fulcio's CA root instead (restoring the earlier behavior). * fix: fix cert chain validation for verify-blob in non-experimental mode * fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba * Fix BYO-root with intermediate to fetch intermediates from annotation * fix: fixing breaking changes in rekor v1.12.0 upgrade ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2301=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2301=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.9.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.9.1 ## References: * https://jira.suse.com/browse/SLE-23879 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:39 -0000 Subject: SUSE-RU-2023:2355-2: moderate: Recommended update for librelp Message-ID: <168735069906.19377.9385780629487773342@smelt2.suse.de> # Recommended update for librelp Announcement ID: SUSE-RU-2023:2355-2 Rating: moderate References: * #1210649 Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for librelp fixes the following issues: * update to librelp 1.11.0 (bsc#1210649) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2355=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2355=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * librelp0-1.11.0-150000.3.3.1 * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * librelp0-1.11.0-150000.3.3.1 * librelp0-debuginfo-1.11.0-150000.3.3.1 * librelp-devel-1.11.0-150000.3.3.1 * librelp-debugsource-1.11.0-150000.3.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210649 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:42 -0000 Subject: SUSE-RU-2023:2272-2: moderate: Recommended update for go Message-ID: <168735070216.19377.5460457763982629624@smelt2.suse.de> # Recommended update for go Announcement ID: SUSE-RU-2023:2272-2 Rating: moderate References: * #1206346 * #1210938 Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for go fixes the following issues: Switch default go compiler to go1.20. (bsc#1206346) Packaging improvements: * Re-enable debuginfo bsc#1210938 remove spec comment "# nodebug" * Use Group: Development/Languages/Go instead of Other ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2272=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2272=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go-doc-1.20-150000.3.29.1 * go-1.20-150000.3.29.1 * go-race-1.20-150000.3.29.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go-1.20-150000.3.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 * https://bugzilla.suse.com/show_bug.cgi?id=1210938 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:43 -0000 Subject: SUSE-RU-2023:2239-2: low: Recommended update for zram-generator Message-ID: <168735070397.19377.12706974393334672349@smelt2.suse.de> # Recommended update for zram-generator Announcement ID: SUSE-RU-2023:2239-2 Rating: low References: * #1200961 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for zram-generator fixes the following issues: * Fixed typo in the description (bsc#1200961) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2239=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2239=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * zram-generator-debugsource-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-debuginfo-1.1.1~git5.8612dbb-150400.3.3.2 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * zram-generator-debugsource-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-1.1.1~git5.8612dbb-150400.3.3.2 * zram-generator-debuginfo-1.1.1~git5.8612dbb-150400.3.3.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200961 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:45 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:45 -0000 Subject: SUSE-FU-2023:2271-2: moderate: Feature update for xz-java Message-ID: <168735070543.19377.14757852436244822078@smelt2.suse.de> # Feature update for xz-java Announcement ID: SUSE-FU-2023:2271-2 Rating: moderate References: Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that contains one feature can now be installed. ## Description: This update for xz-java fixes the following issues: * Version update from 1.8 to 1.9: * For the list of fixes and changes see the release notes at /usr/share/doc/packages/xz-java/NEWS ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2271=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2271=1 ## Package List: * openSUSE Leap 15.5 (noarch) * xz-java-1.9-150200.3.7.1 * xz-java-javadoc-1.9-150200.3.7.1 * Development Tools Module 15-SP5 (noarch) * xz-java-1.9-150200.3.7.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:47 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:47 -0000 Subject: SUSE-SU-2023:2096-2: important: Security update for netty, netty-tcnative Message-ID: <168735070792.19377.6467677298369375471@smelt2.suse.de> # Security update for netty, netty-tcnative Announcement ID: SUSE-SU-2023:2096-2 Rating: important References: * #1199338 * #1206360 * #1206379 Cross-References: * CVE-2022-24823 * CVE-2022-41881 * CVE-2022-41915 CVSS scores: * CVE-2022-24823 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-24823 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2022-41881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-41915 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2022-41915 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities and contains one feature can now be installed. ## Description: This update for netty, netty-tcnative fixes the following issues: netty: * Security fixes included in this version update from 4.1.75 to 4.1.90: * CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix- Like systems due temporary files for Java 6 and lower in io.netty:netty- codec-http (bsc#1199338) * CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360) * CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379) * Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90: * Build with Java 11 on ix86 architecture in order to avoid build failures * Fix `HttpHeaders.names` for non-String headers * Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off * Fix brotli compression * Fix a bug in FlowControlHandler that broke auto-read * Fix a potential memory leak bug has been in the pooled allocator * Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the `Klass::secondary_super_cache` field in the JVM * Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath * Fix several `NullPointerException` bugs * Fix a regression `SslContext` private key loading * Fix a bug in `SslContext` private key reading fall-back path * Fix a buffer leak regression in `HttpClientCodec` * Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly * Fix epoll bug when receiving zero-sized datagrams * Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception * Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop thread * Fix a bug where an OPT record was added to DNS queries that already had such a record * Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name * Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext` * Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established with prior-knowledge * Fix a bug where Netty fails to load a shaded native library * Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox * Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols` system properties, making them react to these in the same way the JDK SSL provider does * Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP * For a more detailed list of changes please consult the official release notes: * Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html * Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html * Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html * Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html * Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html * Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html * Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html * Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html * Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html * Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html * Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html * Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html * Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html * Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html netty-tcnative: * New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains important security updates * No formal changelog present. This artifact is closely bound to the netty releases ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2096=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2096=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2096=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * netty-4.1.90-150200.4.14.1 * openSUSE Leap 15.5 (noarch) * netty-tcnative-javadoc-2.0.59-150200.3.10.1 * netty-javadoc-4.1.90-150200.4.14.1 * netty-poms-4.1.90-150200.4.14.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-tcnative-2.0.59-150200.3.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * netty-4.1.90-150200.4.14.1 * SUSE Package Hub 15 15-SP5 (noarch) * netty-javadoc-4.1.90-150200.4.14.1 * netty-poms-4.1.90-150200.4.14.1 ## References: * https://www.suse.com/security/cve/CVE-2022-24823.html * https://www.suse.com/security/cve/CVE-2022-41881.html * https://www.suse.com/security/cve/CVE-2022-41915.html * https://bugzilla.suse.com/show_bug.cgi?id=1199338 * https://bugzilla.suse.com/show_bug.cgi?id=1206360 * https://bugzilla.suse.com/show_bug.cgi?id=1206379 * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:50 -0000 Subject: SUSE-SU-2023:2261-2: important: Security update for terraform-provider-null Message-ID: <168735071070.19377.9147736453959038316@smelt2.suse.de> # Security update for terraform-provider-null Announcement ID: SUSE-SU-2023:2261-2 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has two fixes can now be installed. ## Description: This update of terraform-provider-null fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2261=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2261=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2261=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:52 -0000 Subject: SUSE-SU-2023:2253-2: important: Security update for terraform-provider-aws Message-ID: <168735071278.19377.4137898583041320044@smelt2.suse.de> # Security update for terraform-provider-aws Announcement ID: SUSE-SU-2023:2253-2 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has two fixes can now be installed. ## Description: This update of terraform-provider-aws fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2253=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2253=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2253=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:56 -0000 Subject: SUSE-RU-2023:2564-1: moderate: Recommended update for microos-tools Message-ID: <168735071650.19377.16185879703615170748@smelt2.suse.de> # Recommended update for microos-tools Announcement ID: SUSE-RU-2023:2564-1 Rating: moderate References: * #1205011 * #1211356 Affected Products: * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro for Rancher 5.3 An update that has two recommended fixes can now be installed. ## Description: This update for microos-tools fixes the following issues: * Update to version 2.18 * Add TMPDIR to tukit binddirs for Salt (bsc#1211356, bsc#1205011) * 98selinux-microos: Add chroot as dependency * Fix spelling error in warning ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2564=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2564=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2564=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * microos-tools-2.18-150400.3.7.1 * microos-tools-debugsource-2.18-150400.3.7.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * microos-tools-2.18-150400.3.7.1 * microos-tools-debugsource-2.18-150400.3.7.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * microos-tools-2.18-150400.3.7.1 * microos-tools-debugsource-2.18-150400.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205011 * https://bugzilla.suse.com/show_bug.cgi?id=1211356 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:31:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:31:58 -0000 Subject: SUSE-SU-2023:2562-1: important: Security update for bluez Message-ID: <168735071856.19377.17082124540852377779@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:2562-1 Rating: important References: * #1210398 Cross-References: * CVE-2023-27349 CVSS scores: * CVE-2023-27349 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2562=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2562=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2562=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2562=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2562=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2562=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2562=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2562=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2562=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2562=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2562=1 ## Package List: * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-cups-debuginfo-5.13-5.39.1 * bluez-cups-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * SUSE OpenStack Cloud 9 (x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * bluez-devel-5.13-5.39.1 * bluez-debugsource-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * bluez-debugsource-5.13-5.39.1 * bluez-5.13-5.39.1 * bluez-debuginfo-5.13-5.39.1 * libbluetooth3-5.13-5.39.1 * libbluetooth3-debuginfo-5.13-5.39.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27349.html * https://bugzilla.suse.com/show_bug.cgi?id=1210398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:32:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:32:00 -0000 Subject: SUSE-SU-2023:2561-1: critical: Security update for python-reportlab Message-ID: <168735072067.19377.4658785630451968575@smelt2.suse.de> # Security update for python-reportlab Announcement ID: SUSE-SU-2023:2561-1 Rating: critical References: * #1212065 Cross-References: * CVE-2023-33733 CVSS scores: * CVE-2023-33733 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for python-reportlab fixes the following issues: * CVE-2023-33733: Fixed arbitrary code execution via supplying a crafted PDF file (bsc#1212065). ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2561=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2561=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2561=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2561=1 ## Package List: * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-reportlab-3.4.0-150000.3.9.1 * python-reportlab-debugsource-3.4.0-150000.3.9.1 * python3-reportlab-debuginfo-3.4.0-150000.3.9.1 * python-reportlab-debuginfo-3.4.0-150000.3.9.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-reportlab-3.4.0-150000.3.9.1 * python-reportlab-debugsource-3.4.0-150000.3.9.1 * python3-reportlab-debuginfo-3.4.0-150000.3.9.1 * python-reportlab-debuginfo-3.4.0-150000.3.9.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * python3-reportlab-3.4.0-150000.3.9.1 * python-reportlab-debugsource-3.4.0-150000.3.9.1 * python3-reportlab-debuginfo-3.4.0-150000.3.9.1 * python-reportlab-debuginfo-3.4.0-150000.3.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * python3-reportlab-3.4.0-150000.3.9.1 * python-reportlab-debugsource-3.4.0-150000.3.9.1 * python3-reportlab-debuginfo-3.4.0-150000.3.9.1 * python-reportlab-debuginfo-3.4.0-150000.3.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33733.html * https://bugzilla.suse.com/show_bug.cgi?id=1212065 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 12:32:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 12:32:02 -0000 Subject: SUSE-RU-2023:2560-1: moderate: Recommended update for rust-cbindgen Message-ID: <168735072212.19377.3658059986805646632@smelt2.suse.de> # Recommended update for rust-cbindgen Announcement ID: SUSE-RU-2023:2560-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for rust-cbindgen fixes the following issues: Update to version 0.24.3+git0: * tests: Add a test for struct constants going through typedefs. * bindings: Peel through typedefs for struct constant generation. * bitflags: Be explicit in binary operators and such. * constant: Add support for unary negation. * bitflags: Make more operations constexpr. Update to version 0.24.2+git0: * bitflags: Be explicit in binary operators and such. * constant: Add support for unary negation. * bitflags: Make more operations constexpr. * constant: Support suffixes for integers that otherwise would be narrowed. * Fix specialization of `SomeType<N>` when `N` is a const parameter. * Minor refactor of ConstExpr::load(). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2560=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2560=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2560=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rust-cbindgen-debuginfo-0.24.3+git0-150000.1.15.1 * rust-cbindgen-0.24.3+git0-150000.1.15.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rust-cbindgen-debuginfo-0.24.3+git0-150000.1.15.1 * rust-cbindgen-0.24.3+git0-150000.1.15.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * rust-cbindgen-debuginfo-0.24.3+git0-150000.1.15.1 * rust-cbindgen-0.24.3+git0-150000.1.15.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 15:35:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 17:35:50 +0200 (CEST) Subject: SUSE-CU-2023:2047-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20230621153550.44482F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2047-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.6 , suse/manager/4.3/proxy-httpd:4.3.6.9.31.1 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.31.1 Severity : important Type : security References : 1127591 1186870 1191112 1194715 1195633 1198097 1199020 1199282 1201063 1201063 1202234 1203141 1203355 1203537 1203599 1203599 1203750 1204089 1204089 1204270 1204270 1204549 1204900 1204900 1205529 1205600 1205600 1206060 1206060 1206191 1206191 1206423 1206423 1206513 1206725 1206725 1206783 1206783 1207063 1207063 1207327 1207410 1207571 1207595 1207595 1207814 1207814 1207829 1207829 1207830 1207830 1207957 1207975 1208046 1208288 1208288 1208321 1208321 1208329 1208358 1208427 1208427 1208432 1208471 1208522 1208522 1208529 1208536 1208536 1208540 1208540 1208540 1208550 1208550 1208586 1208586 1208661 1208661 1208687 1208687 1208708 1208719 1208719 1208772 1208772 1208772 1208965 1209047 1209049 1209094 1209119 1209122 1209140 1209143 1209143 1209149 1209149 1209209 1209210 1209211 1209212 1209214 1209215 1209215 1209220 1209220 1209231 1209231 1209253 1209253 1209277 1209277 1209386 1209386 1209395 1209395 1209406 1209434 1209434 1209508 1209508 1209533 1209557 1209557 1209565 1209624 1209713 1209714 1209873 1209878 1209918 1209926 1209926 1209938 1209938 1209993 1209993 1210086 1210086 1210094 1210094 1210101 1210101 1210107 1210107 1210135 1210154 1210154 1210162 1210162 1210164 1210349 1210349 1210411 1210412 1210434 1210437 1210437 1210458 1210458 1210507 1210591 1210593 1210702 1210776 1210776 1210835 1210835 1210870 1211158 1211230 1211231 1211232 1211233 1211354 1211430 1211661 1211795 1211956 1211958 1211958 1212096 1212187 1212187 1212189 1212363 1212363 1212516 CVE-2007-4559 CVE-2022-46146 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-22644 CVE-2023-22644 CVE-2023-24329 CVE-2023-24593 CVE-2023-25180 CVE-2023-25690 CVE-2023-2650 CVE-2023-27522 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1585-1 Released: Mon Mar 27 11:03:32 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1208540,1208772 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1658-1 Released: Wed Mar 29 09:44:07 2023 Summary: Security update for apache2 Type: security Severity: important References: 1207327,1208708,1209047,1209049,CVE-2023-25690,CVE-2023-27522 This update for apache2 fixes the following issues: - CVE-2023-27522: Fixed HTTP response splitting in mod_proxy_uwsgi (bsc#1209049). - CVE-2023-25690: Fixed HTTP request splitting with mod_rewrite and mod_proxy (bsc#1209047). The following non-security bugs were fixed: - Fixed mod_proxy handling of very long urls (bsc#1207327) - Fixed passing health check does not recover worker from its error state (bsc#1208708). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1753-1 Released: Tue Apr 4 11:55:00 2023 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: This update for systemd-presets-common-SUSE fixes the following issue: - Enable systemd-pstore.service by default (jsc#PED-2663) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1920-1 Released: Wed Apr 19 16:22:58 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1938-1 Released: Thu Apr 20 18:44:53 2023 Summary: Recommended update for NetworkManager Type: recommended Severity: low References: 1194715,1204549,1205529 This update for NetworkManager fixes the following issue: - Adds missing NetworkManager and dependencies to Micro 5.3 (bsc#1204549, bsc#1205529) - rp-pppoe: replace deprecated ifconfig dependency with iproute2. (bsc#1194715, jsc#SLE-24004) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2307-1 Released: Mon May 29 10:29:49 2023 Summary: Recommended update for kbd Type: recommended Severity: low References: 1210702 This update for kbd fixes the following issue: - Add 'ara' vc keymap, 'ara' is slightly better than 'arabic' as it matches the name of its X11 layout counterpart. (bsc#1210702) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2566-1 Released: Wed Jun 21 13:19:32 2023 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1201063,1203599,1204089,1204270,1204900,1205600,1206060,1206191,1206423,1206725,1206783,1207063,1207595,1207814,1207829,1207830,1208288,1208321,1208427,1208522,1208536,1208540,1208550,1208586,1208661,1208687,1208719,1208772,1208965,1209119,1209143,1209149,1209215,1209220,1209231,1209253,1209277,1209386,1209395,1209434,1209508,1209557,1209926,1209938,1209993,1210086,1210094,1210101,1210107,1210154,1210162,1210349,1210437,1210458,1210776,1210835,1211956,1211958,1212363,CVE-2023-22644 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2592-1 Released: Wed Jun 21 14:33:51 2023 Summary: Maintenance update for SUSE Manager 4.3.6 Release Notes Type: recommended Severity: important References: 1201063,1203599,1204089,1204270,1204900,1205600,1206060,1206191,1206423,1206725,1206783,1207063,1207595,1207814,1207829,1207830,1208046,1208288,1208321,1208427,1208522,1208536,1208540,1208550,1208586,1208661,1208687,1208719,1208772,1209143,1209149,1209215,1209220,1209231,1209253,1209277,1209386,1209395,1209434,1209508,1209557,1209926,1209938,1209993,1210086,1210094,1210101,1210107,1210154,1210162,1210349,1210437,1210458,1210776,1210835,1211958,1212096,1212363,1212516,CVE-2022-46146,CVE-2023-22644 Maintenance update for SUSE Manager 4.3.6 Release Notes: This is a codestream only update The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - procps-3.3.15-150000.7.31.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - libsolv-tools-0.7.24-150400.3.8.1 updated - shadow-4.8.1-150400.10.6.1 updated - libzypp-17.31.13-150400.3.32.1 updated - zypper-1.14.60-150400.3.21.2 updated - util-linux-2.37.2-150400.8.17.1 updated - timezone-2023c-150000.75.23.1 updated - curl-8.0.1-150400.5.23.1 updated - kbd-legacy-2.4.0-150400.5.6.1 updated - libgmodule-2_0-0-2.70.5-150400.3.8.1 updated - libgobject-2_0-0-2.70.5-150400.3.8.1 updated - libslang2-2.3.1a-150000.5.2.3 updated - release-notes-susemanager-proxy-4.3.6-150400.3.55.4 updated - systemd-presets-common-SUSE-15-150100.8.20.1 updated - zstd-1.5.0-150400.3.3.1 updated - kbd-2.4.0-150400.5.6.1 updated - python3-base-3.6.15-150300.10.48.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - libnewt0_52-0.52.20-150000.7.2.3 updated - python3-3.6.15-150300.10.48.1 updated - hwdata-0.368-150000.3.57.1 updated - apache2-utils-2.4.51-150400.6.11.1 updated - newt-0.52.20-150000.7.2.3 updated - systemd-249.16-150400.8.28.3 updated - libgio-2_0-0-2.70.5-150400.3.8.1 updated - glib2-tools-2.70.5-150400.3.8.1 updated - python3-uyuni-common-libs-4.3.8-150400.3.12.5 updated - python3-newt-0.52.20-150000.7.2.3 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-libxml2-2.9.14-150400.5.16.1 updated - apache2-2.4.51-150400.6.11.1 updated - apache2-prefork-2.4.51-150400.6.11.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - spacewalk-backend-4.3.21-150400.3.21.13 updated - spacewalk-proxy-package-manager-4.3.16-150400.3.20.6 updated - spacewalk-proxy-common-4.3.16-150400.3.20.6 updated - spacewalk-proxy-broker-4.3.16-150400.3.20.6 updated - spacewalk-proxy-redirect-4.3.16-150400.3.20.6 updated - container:registry.suse.com-bci-bci-base-15.4-- added - container:registry.suse.com_bci_bci-base:15.4-- removed - python3-linecache2-1.0.0-1.25 removed - python3-pbr-4.3.0-6.22 removed - python3-python-mimeparse-1.6.0-4.22 removed - python3-testtools-2.3.0-4.27 removed - python3-traceback2-1.4.0-1.25 removed - python3-unittest2-1.1.0-5.22 removed From sle-updates at lists.suse.com Wed Jun 21 15:35:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 17:35:58 +0200 (CEST) Subject: SUSE-CU-2023:2048-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20230621153558.CB538F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2048-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.6 , suse/manager/4.3/proxy-salt-broker:4.3.6.9.21.1 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.21.1 Severity : important Type : security References : 1127591 1186945 1191112 1195633 1198097 1199020 1202234 1203141 1203355 1203537 1203750 1206513 1207071 1207410 1207571 1207957 1207975 1208329 1208358 1208432 1208471 1208529 1209094 1209122 1209140 1209209 1209210 1209211 1209212 1209214 1209233 1209406 1209533 1209565 1209624 1209713 1209714 1209873 1209878 1209918 1210135 1210164 1210411 1210412 1210434 1210507 1210591 1210593 1210870 1211158 1211230 1211231 1211232 1211233 1211354 1211430 1211612 1211661 1211754 1211795 1212187 1212187 1212189 1212516 1212517 CVE-2007-4559 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-24329 CVE-2023-24593 CVE-2023-25180 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2060-1 Released: Thu Apr 27 17:04:25 2023 Summary: Security update for glib2 Type: security Severity: moderate References: 1209713,1209714,1210135,CVE-2023-24593,CVE-2023-25180 This update for glib2 fixes the following issues: - CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714). - CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713). The following non-security bug was fixed: - Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2245-1 Released: Thu May 18 17:01:47 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2341-1 Released: Thu Jun 1 11:31:27 2023 Summary: Recommended update for libsigc++2 Type: recommended Severity: moderate References: 1209094,1209140 This update for libsigc++2 fixes the following issues: - Remove executable permission for file (bsc#1209094, bsc#1209140) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2495-1 Released: Tue Jun 13 15:05:27 2023 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1211661,1212187 This update for libzypp fixes the following issues: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] - Do not unconditionally release a medium if provideFile failed. [bsc#1211661] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2550-1 Released: Mon Jun 19 17:51:21 2023 Summary: Recommended update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings Type: recommended Severity: moderate References: 1191112,1198097,1199020,1202234,1209565,1210591,1211354,1212187,1212189 This update for autoyast2, libsolv, libyui, libzypp, yast2-pkg-bindings ships the update stack to the INSTALLER self-update channel. yast2-pkg-bindings: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) autoyast2: - Selected products are not installed after resetting the package manager internally (bsc#1202234) libyui: - Prevent buffer overflow when drawing very wide labels in ncurses (bsc#1211354) - Fixed loading icons from an absolute path (bsc#1210591) - Fix for main window stacking order to avoid unintentional transparency (bsc#1199020, bsc#1191112) - Force messages from .ui file through our translation mechanism (bsc#1198097) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2585-1 Released: Wed Jun 21 14:14:45 2023 Summary: Security update for salt and python-pyzmq Type: security Severity: moderate References: 1186945,1207071,1209233,1211612,1211754,1212516,1212517 This update for salt and python-pyzmq fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-pyzmq: - Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945) The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libglib-2_0-0-2.70.5-150400.3.8.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - libsigc-2_0-0-2.10.7-150400.3.3.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libzck1-1.1.16-150400.3.4.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libprocps7-3.3.15-150000.7.31.1 updated - procps-3.3.15-150000.7.31.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - libsolv-tools-0.7.24-150400.3.8.1 updated - shadow-4.8.1-150400.10.6.1 updated - libzypp-17.31.13-150400.3.32.1 updated - zypper-1.14.60-150400.3.21.2 updated - util-linux-2.37.2-150400.8.17.1 updated - timezone-2023c-150000.75.23.1 updated - curl-8.0.1-150400.5.23.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-3.6.15-150300.10.48.1 updated - python3-pyzmq-17.1.2-150000.3.5.2 updated - container:registry.suse.com-bci-bci-base-15.4-- added - container:registry.suse.com_bci_bci-base:15.4-- removed From sle-updates at lists.suse.com Wed Jun 21 15:36:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 17:36:10 +0200 (CEST) Subject: SUSE-CU-2023:2049-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20230621153610.B5A17F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2049-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.6 , suse/manager/4.3/proxy-squid:4.3.6.9.30.1 , suse/manager/4.3/proxy-squid:latest Container Release : 9.30.1 Severity : important Type : security References : 1203141 1203537 1206513 1207410 1207571 1207957 1207975 1208358 1208432 1208529 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 1209918 1210164 1210411 1210412 1210434 1210507 1210593 1211230 1211231 1211232 1211233 1211430 1211795 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.2-150400.8.17.1 updated - timezone-2023c-150000.75.23.1 updated - container:registry.suse.com-bci-bci-base-15.4-- added - container:registry.suse.com_bci_bci-base:15.4-- removed From sle-updates at lists.suse.com Wed Jun 21 15:36:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 17:36:19 +0200 (CEST) Subject: SUSE-CU-2023:2050-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20230621153619.3CCE2F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2050-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.6 , suse/manager/4.3/proxy-ssh:4.3.6.9.21.1 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.21.1 Severity : important Type : security References : 1203141 1203355 1203537 1203750 1206513 1207014 1207410 1207571 1207957 1207975 1208358 1208432 1208471 1208529 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 1209918 1210164 1210411 1210412 1210434 1210507 1210593 1211158 1211230 1211231 1211232 1211233 1211430 1211795 CVE-2007-4559 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-24329 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2131-1 Released: Tue May 9 13:35:24 2023 Summary: Recommended update for openssh Type: recommended Severity: important References: 1207014 This update for openssh fixes the following issues: - Remove some patches that cause invalid environment assignments (bsc#1207014). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libudev1-249.16-150400.8.28.3 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.2-150400.8.17.1 updated - timezone-2023c-150000.75.23.1 updated - openssh-common-8.4p1-150300.3.18.2 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-3.6.15-150300.10.48.1 updated - openssh-fips-8.4p1-150300.3.18.2 updated - openssh-server-8.4p1-150300.3.18.2 updated - openssh-clients-8.4p1-150300.3.18.2 updated - openssh-8.4p1-150300.3.18.2 updated - container:registry.suse.com-bci-bci-base-15.4-- added - container:registry.suse.com_bci_bci-base:15.4-- removed From sle-updates at lists.suse.com Wed Jun 21 15:36:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 17:36:27 +0200 (CEST) Subject: SUSE-CU-2023:2051-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20230621153627.542C6F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2051-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.6 , suse/manager/4.3/proxy-tftpd:4.3.6.9.21.1 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.21.1 Severity : important Type : security References : 1186870 1199282 1203141 1203355 1203537 1203750 1206513 1207410 1207571 1207957 1207975 1208358 1208432 1208471 1208529 1209209 1209210 1209211 1209212 1209214 1209533 1209624 1209873 1209878 1209918 1210164 1210411 1210412 1210434 1210507 1210593 1211158 1211230 1211231 1211232 1211233 1211430 1211795 CVE-2007-4559 CVE-2022-4899 CVE-2023-0464 CVE-2023-0465 CVE-2023-0466 CVE-2023-0687 CVE-2023-24329 CVE-2023-2650 CVE-2023-27533 CVE-2023-27534 CVE-2023-27535 CVE-2023-27536 CVE-2023-27538 CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 CVE-2023-28484 CVE-2023-29383 CVE-2023-29469 CVE-2023-29491 CVE-2023-2953 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:868-1 Released: Wed Mar 22 09:41:01 2023 Summary: Security update for python3 Type: security Severity: important References: 1203355,1208471,CVE-2023-24329 This update for python3 fixes the following issues: - CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471). The following non-security bug was fixed: - Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1582-1 Released: Mon Mar 27 10:31:52 2023 Summary: Security update for curl Type: security Severity: moderate References: 1209209,1209210,1209211,1209212,1209214,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538 This update for curl fixes the following issues: - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1662-1 Released: Wed Mar 29 10:36:23 2023 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1203537 This update for patterns-base fixes the following issues: - change label of FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1688-1 Released: Wed Mar 29 18:19:10 2023 Summary: Security update for zstd Type: security Severity: moderate References: 1209533,CVE-2022-4899 This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1745-1 Released: Tue Apr 4 09:05:23 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209624,CVE-2023-0464 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1779-1 Released: Thu Apr 6 08:16:58 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1208432 This update for systemd fixes the following issues: - Fix return non-zero value when disabling SysVinit service (bsc#1208432) - Drop build requirement on libpci, it's not no longer needed - Move systemd-boot and all components managing (secure) UEFI boot into udev sub-package, so they aren't installed in systemd based containers ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1805-1 Released: Tue Apr 11 10:12:41 2023 Summary: Recommended update for timezone Type: recommended Severity: important References: This update for timezone fixes the following issues: - Version update from 2022g to 2023c: * Egypt now uses DST again, from April through October. * This year Morocco springs forward April 23, not April 30. * Palestine delays the start of DST this year. * Much of Greenland still uses DST from 2024 on. * America/Yellowknife now links to America/Edmonton. * tzselect can now use current time to help infer timezone. * The code now defaults to C99 or later. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1911-1 Released: Wed Apr 19 13:02:33 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:1916-1 Released: Wed Apr 19 16:17:58 2023 Summary: Recommended update for sles-release Type: recommended Severity: low References: 1208529 This update for sles-release fixes the following issue: - Filter libhogweed4 and libnettle6 so they dont get orphaned on system upgrades. (bsc#1208529) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2053-1 Released: Thu Apr 27 11:31:08 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1209918,1210411,1210412,CVE-2023-28484,CVE-2023-29469 This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). The following non-security bug was fixed: - Remove unneeded dependency (bsc#1209918). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2066-1 Released: Fri Apr 28 13:54:17 2023 Summary: Security update for shadow Type: security Severity: moderate References: 1210507,CVE-2023-29383 This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2111-1 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1210434,CVE-2023-29491 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2133-1 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1206513 This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2192-1 Released: Fri May 12 12:49:02 2023 Summary: Feature update for python311, python311-pip, python311-setuptools Type: feature Severity: moderate References: This release of python311, python311-pip, python311-setuptools adds the following feature: - Add Python-3.11 to SLE-15-SP4 Python Module (jsc#PED-68, jsc#PED-2634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2216-1 Released: Tue May 16 11:27:50 2023 Summary: Recommended update for python-packaging Type: recommended Severity: important References: 1186870,1199282 This update for python-packaging fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - Add patch to fix testsuite on big-endian targets - Ignore python3.6.2 since the test doesn't support it. - update to 21.3: * Add a pp3-none-any tag * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion * Fix a spelling mistake - update to 21.2: * Update documentation entry for 21.1. * Update pin to pyparsing to exclude 3.0.0. * PEP 656: musllinux support * Drop support for Python 2.7, Python 3.4 and Python 3.5 * Replace distutils usage with sysconfig * Add support for zip files * Use cached hash attribute to short-circuit tag equality comparisons * Specify the default value for the 'specifier' argument to 'SpecifierSet' * Proper keyword-only 'warn' argument in packaging.tags * Correctly remove prerelease suffixes from ~= check * Fix type hints for 'Version.post' and 'Version.dev' * Use typing alias 'UnparsedVersion' * Improve type inference * Tighten the return typeo - Add Provides: for python*dist(packaging). (bsc#1186870) - add no-legacyversion-warning.patch to restore compatibility with 20.4 - update to 20.9: * Add support for the ``macosx_10_*_universal2`` platform tags * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()`` - update to 20.8: * Revert back to setuptools for compatibility purposes for some Linux distros * Do not insert an underscore in wheel tags when the interpreter version number is more than 2 digits * Fix flit configuration, to include LICENSE files * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag * Add some missing type hints to `packaging.requirements` * Officially support Python 3.9 * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes * Handle ``OSError`` on non-dynamic executables when attempting to resolve the glibc version string. - update to 20.4: * Canonicalize version before comparing specifiers. * Change type hint for ``canonicalize_name`` to return ``packaging.utils.NormalizedName``. This enables the use of static typing tools (like mypy) to detect mixing of normalized and un-normalized names. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2224-1 Released: Wed May 17 09:53:54 2023 Summary: Security update for curl Type: security Severity: important References: 1211230,1211231,1211232,1211233,CVE-2023-28319,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2240-1 Released: Wed May 17 19:56:54 2023 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1203141,1207410 This update for systemd fixes the following issues: - udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) - Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) - Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2317-1 Released: Tue May 30 14:01:22 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1210164 This update for util-linux fixes the following issue: - Add upstream patch to prevent possible performance degradation of libuuid (bsc#1210164) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2333-1 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1210593 This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2342-1 Released: Thu Jun 1 11:34:20 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1211430,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2484-1 Released: Mon Jun 12 08:49:58 2023 Summary: Security update for openldap2 Type: security Severity: moderate References: 1211795,CVE-2023-2953 This update for openldap2 fixes the following issues: - CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). The following package changes have been done: - libldap-data-2.4.46-150200.14.14.1 updated - glibc-2.31-150300.46.1 updated - libzstd1-1.5.0-150400.3.3.1 updated - libuuid1-2.37.2-150400.8.17.1 updated - libsmartcols1-2.37.2-150400.8.17.1 updated - libblkid1-2.37.2-150400.8.17.1 updated - libfdisk1-2.37.2-150400.8.17.1 updated - libz1-1.2.11-150000.3.45.1 updated - libncurses6-6.1-150000.5.15.1 updated - terminfo-base-6.1-150000.5.15.1 updated - ncurses-utils-6.1-150000.5.15.1 updated - libxml2-2-2.9.14-150400.5.16.1 updated - libsystemd0-249.16-150400.8.28.3 updated - libopenssl1_1-1.1.1l-150400.7.37.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.37.1 updated - patterns-base-fips-20200124-150400.20.4.1 updated - libldap-2_4-2-2.4.46-150200.14.14.1 updated - libmount1-2.37.2-150400.8.17.1 updated - login_defs-4.8.1-150400.10.6.1 updated - sles-release-15.4-150400.58.7.3 updated - libcurl4-8.0.1-150400.5.23.1 updated - shadow-4.8.1-150400.10.6.1 updated - util-linux-2.37.2-150400.8.17.1 updated - timezone-2023c-150000.75.23.1 updated - openssl-1_1-1.1.1l-150400.7.37.1 updated - libpython3_6m1_0-3.6.15-150300.10.48.1 updated - python3-base-3.6.15-150300.10.48.1 updated - python3-3.6.15-150300.10.48.1 updated - python3-packaging-21.3-150200.3.3.1 updated - python3-setuptools-44.1.1-150400.9.3.3 updated - container:registry.suse.com-bci-bci-base-15.4-- added - container:registry.suse.com_bci_bci-base:15.4-- removed From sle-updates at lists.suse.com Wed Jun 21 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 16:30:04 -0000 Subject: SUSE-RU-202305:15220-1: important: Recommended update for SUSE Manager Salt Bundle Message-ID: <168736500406.12131.7274490892869200300@smelt2.suse.de> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-202305:15220-1 Rating: important References: * #1207071 * #1209233 * #1211612 Affected Products: * SUSE Manager Client Tools for Ubuntu 22.04 2204 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Create new salt-tests subpackage containing Salt tests * Fix SLS rendering error when Jinja macros are used * Fix to avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for Ubuntu 22.04 2204 zypper in -t patch suse-ubu224ct-client-tools-202305-15220=1 ## Package List: * SUSE Manager Client Tools for Ubuntu 22.04 2204 (amd64) * venv-salt-minion-3006.0-2.21.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 16:30:06 -0000 Subject: SUSE-RU-2023:2583-1: important: Recommended update for SUSE Manager Salt Bundle Message-ID: <168736500639.12131.9260041838946271028@smelt2.suse.de> # Recommended update for SUSE Manager Salt Bundle Announcement ID: SUSE-RU-2023:2583-1 Rating: important References: * #1207071 * #1209233 * #1211612 Affected Products: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 An update that contains two features and has three recommended fixes can now be installed. ## Description: This update fixes the following issues: venv-salt-minion: * Update to Salt release version 3006.0 (jsc#PED-3139) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html * Add python3-looseversion as new dependency for salt * Add python3-packaging as new dependency for salt * Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071) * Fix SLS rendering error when Jinja macros are used * Fix to avoid conflicts with Salt dependencies versions (bsc#1211612) * Fix version detection and avoid building and testing failures * Prevent deadlocks in salt-ssh executions * Require python3-jmespath runtime dependency (bsc#1209233) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-2583=1 ## Package List: * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le s390x x86_64) * venv-salt-minion-3006.0-1.16.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207071 * https://bugzilla.suse.com/show_bug.cgi?id=1209233 * https://bugzilla.suse.com/show_bug.cgi?id=1211612 * https://jira.suse.com/browse/MSQA-666 * https://jira.suse.com/browse/PED-3139 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 21 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 21 Jun 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2224-2: important: Security update for curl Message-ID: <168737940470.11486.11695487499179507733@smelt2.suse.de> # Security update for curl Announcement ID: SUSE-SU-2023:2224-2 Rating: important References: * #1211230 * #1211231 * #1211232 * #1211233 Cross-References: * CVE-2023-28319 * CVE-2023-28320 * CVE-2023-28321 * CVE-2023-28322 CVSS scores: * CVE-2023-28319 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28319 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-28320 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-28320 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28321 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2023-28321 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-28322 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2023-28322 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: * openSUSE Leap 15.5 An update that solves four vulnerabilities and contains one feature can now be installed. ## Description: This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) * CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). * CVE-2023-28320: siglongjmp race condition (bsc#1211231). * CVE-2023-28321: IDN wildcard matching (bsc#1211232). * CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2224=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libcurl4-8.0.1-150400.5.23.1 * curl-8.0.1-150400.5.23.1 * libcurl4-debuginfo-8.0.1-150400.5.23.1 * curl-debuginfo-8.0.1-150400.5.23.1 * curl-debugsource-8.0.1-150400.5.23.1 * libcurl-devel-8.0.1-150400.5.23.1 * openSUSE Leap 15.5 (x86_64) * libcurl4-32bit-debuginfo-8.0.1-150400.5.23.1 * libcurl4-32bit-8.0.1-150400.5.23.1 * libcurl-devel-32bit-8.0.1-150400.5.23.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28319.html * https://www.suse.com/security/cve/CVE-2023-28320.html * https://www.suse.com/security/cve/CVE-2023-28321.html * https://www.suse.com/security/cve/CVE-2023-28322.html * https://bugzilla.suse.com/show_bug.cgi?id=1211230 * https://bugzilla.suse.com/show_bug.cgi?id=1211231 * https://bugzilla.suse.com/show_bug.cgi?id=1211232 * https://bugzilla.suse.com/show_bug.cgi?id=1211233 * https://jira.suse.com/browse/PED-2580 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 07:04:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:04:30 +0200 (CEST) Subject: SUSE-CU-2023:2052-1: Security update of suse/sle15 Message-ID: <20230622070430.A9E00F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2052-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.780 Container Release : 6.2.780 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.30.1 updated From sle-updates at lists.suse.com Thu Jun 22 07:06:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:06:06 +0200 (CEST) Subject: SUSE-CU-2023:2053-1: Security update of suse/sle15 Message-ID: <20230622070606.BB49DF3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2053-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.307 Container Release : 9.5.307 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.30.1 updated From sle-updates at lists.suse.com Thu Jun 22 07:07:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:07:24 +0200 (CEST) Subject: SUSE-CU-2023:2054-1: Security update of suse/sle15 Message-ID: <20230622070724.D3096F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2054-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.149 , suse/sle15:15.3 , suse/sle15:15.3.17.20.149 Container Release : 17.20.149 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.30.1 updated From sle-updates at lists.suse.com Thu Jun 22 07:10:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:10:38 +0200 (CEST) Subject: SUSE-CU-2023:2061-1: Security update of suse/sle15 Message-ID: <20230622071038.3A407F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2061-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.70 , suse/sle15:15.4 , suse/sle15:15.4.27.14.70 Container Release : 27.14.70 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.30.1 updated From sle-updates at lists.suse.com Thu Jun 22 07:11:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:11:09 +0200 (CEST) Subject: SUSE-CU-2023:2082-1: Recommended update of bci/rust Message-ID: <20230622071109.CABF4F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2082-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-4.2 , bci/rust:oldstable , bci/rust:oldstable-4.2 Container Release : 4.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2071-1 Released: Fri Apr 28 15:26:59 2023 Summary: Recommended update for rust Type: recommended Severity: moderate References: This update for rust fixes the following issues: - Update to version 1.69.0 - for details see the rust1.69 package The following package changes have been done: - rust1.69-1.69.0-150400.9.3.1 added - cargo1.69-1.69.0-150400.9.3.1 added - cargo1.68-1.68.2-150400.9.10.2 removed - rust1.68-1.68.2-150400.9.10.2 removed From sle-updates at lists.suse.com Thu Jun 22 07:11:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:11:10 +0200 (CEST) Subject: SUSE-CU-2023:2083-1: Recommended update of bci/rust Message-ID: <20230622071110.F11A5F3C1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2083-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-5.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-5.2 Container Release : 5.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2559-1 Released: Tue Jun 20 18:03:33 2023 Summary: Recommended update for rust, rust1.70 Type: recommended Severity: moderate References: This update for rust, rust1.70 fixes the following issues: Changes in rust: - Update to version 1.70.0 - for details see the rust1.70 package Changes in rust1.70: Version 1.70.0 (2023-06-01) ========================== Language -------- - Relax ordering rules for `asm!` operands - Properly allow macro expanded `format_args` invocations to uses captures - Lint ambiguous glob re-exports - Perform const and unsafe checking for expressions in `let _ = expr` position. Compiler -------- - Extend -Cdebuginfo with new options and named aliases This provides a smaller version of debuginfo for cases that only need line number information (`-Cdebuginfo=line-tables-only`), which may eventually become the default for `-Cdebuginfo=1`. - Make `unused_allocation` lint against `Box::new` too - Detect uninhabited types early in const eval - Switch to LLD as default linker for {arm,thumb}v4t-none-eabi - Add tier 3 target `loongarch64-unknown-linux-gnu` - Add tier 3 target for `i586-pc-nto-qnx700` (QNX Neutrino RTOS, version 7.0) - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. Refer to Rust's platform support page for more information on Rust's tiered platform support. Libraries --------- - Document NonZeroXxx layout guarantees - Windows: make `Command` prefer non-verbatim paths - Implement Default for some alloc/core iterators - Fix handling of trailing bare CR in str::lines - allow negative numeric literals in `concat!` - Add documentation about the memory layout of `Cell` - Use `partial_cmp` to implement tuple `lt`/`le`/`ge`/`gt` - Stabilize `atomic_as_ptr` - Stabilize `nonnull_slice_from_raw_parts` - Partial stabilization of `once_cell` - Stabilize `nonzero_min_max` - Flatten/inline format_args!() and (string and int) literal arguments into format_args!() - Stabilize movbe target feature - don't splice from files into pipes in io::copy - Add a builtin unstable `FnPtr` trait that is implemented for all function pointers This extends `Debug`, `Pointer`, `Hash`, `PartialEq`, `Eq`, `PartialOrd`, and `Ord` implementations for function pointers with all ABIs. Stabilized APIs --------------- - `NonZero*::MIN/MAX` - `BinaryHeap::retain` - `Default for std::collections::binary_heap::IntoIter` - `Default for std::collections::btree_map::{IntoIter, Iter, IterMut}` - `Default for std::collections::btree_map::{IntoKeys, Keys}` - `Default for std::collections::btree_map::{IntoValues, Values}` - `Default for std::collections::btree_map::Range` - `Default for std::collections::btree_set::{IntoIter, Iter}` - `Default for std::collections::btree_set::Range` - `Default for std::collections::linked_list::{IntoIter, Iter, IterMut}` - `Default for std::vec::IntoIter` - `Default for std::iter::Chain` - `Default for std::iter::Cloned` - `Default for std::iter::Copied` - `Default for std::iter::Enumerate` - `Default for std::iter::Flatten` - `Default for std::iter::Fuse` - `Default for std::iter::Rev` - `Default for std::slice::Iter` - `Default for std::slice::IterMut` - `Rc::into_inner` - `Arc::into_inner` - `std::cell::OnceCell` - `Option::is_some_and` - `NonNull::slice_from_raw_parts` - `Result::is_ok_and` - `Result::is_err_and` - `std::sync::atomic::Atomic*::as_ptr` - `std::io::IsTerminal` - `std::os::linux::net::SocketAddrExt` - `std::os::unix::net::UnixDatagram::bind_addr` - `std::os::unix::net::UnixDatagram::connect_addr` - `std::os::unix::net::UnixDatagram::send_to_addr` - `std::os::unix::net::UnixListener::bind_addr` - `std::path::Path::as_mut_os_str` - `std::sync::OnceLock` Cargo ----- - Add `CARGO_PKG_README` - Make `sparse` the default protocol for crates.io - Accurately show status when downgrading dependencies - Use registry.default for login/logout - Stabilize `cargo logout` Misc ---- - Stabilize rustdoc `--test-run-directory` Compatibility Notes ------------------- - Prevent stable `libtest` from supporting `-Zunstable-options` - Perform const and unsafe checking for expressions in `let _ = expr` position. - WebAssembly targets enable `sign-ext` and `mutable-globals` features in codegen This may cause incompatibility with older execution environments. - Insert alignment checks for pointer dereferences as debug assertions This catches undefined behavior at runtime, and may cause existing code to fail. The following package changes have been done: - rust1.70-1.70.0-150400.9.3.1 added - cargo1.70-1.70.0-150400.9.3.1 added - cargo1.69-1.69.0-150400.9.3.1 removed - rust1.69-1.69.0-150400.9.3.1 removed From sle-updates at lists.suse.com Thu Jun 22 07:11:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 09:11:12 +0200 (CEST) Subject: SUSE-CU-2023:2084-1: Security update of suse/sle15 Message-ID: <20230622071112.1BF09F3C1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2084-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.5 , suse/sle15:15.5 , suse/sle15:15.5.36.5.5 Container Release : 36.5.5 Severity : important Type : security References : 1206346 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2600-1 Released: Wed Jun 21 15:24:36 2023 Summary: Security update for container-suseconnect Type: security Severity: important References: 1206346 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346). The following package changes have been done: - container-suseconnect-2.4.0-150000.4.30.1 updated From sle-updates at lists.suse.com Thu Jun 22 08:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:14 -0000 Subject: SUSE-SU-2023:2611-1: important: Security update for the Linux Kernel Message-ID: <168742261452.18848.112238416385096691@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2611-1 Rating: important References: * #1184208 * #1199636 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1208474 * #1208604 * #1209287 * #1209779 * #1210715 * #1210783 * #1210940 * #1211037 * #1211043 * #1211105 * #1211131 * #1211186 * #1211203 * #1211590 * #1211592 * #1211596 * #1211622 Cross-References: * CVE-2020-36694 * CVE-2021-29650 * CVE-2022-3566 * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1079 * CVE-2023-1380 * CVE-2023-1637 * CVE-2023-2156 * CVE-2023-2194 * CVE-2023-23586 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32233 * CVE-2023-32269 * CVE-2023-33288 CVSS scores: * CVE-2020-36694 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-29650 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-29650 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23586 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 Business Critical Linux 15-SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves 22 vulnerabilities and has four fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). * CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: * SUNRPC: Ensure the transport backchannel association (bsc#1211203). * hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2611=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2611=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP3 zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-2611=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2611=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2611=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2611=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2611=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2611=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2611=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2611=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2611=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2611=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2611=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2611=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2611=1 ## Package List: * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.3.18-150300.59.124.1 * openSUSE Leap 15.4 (aarch64) * dtb-zte-5.3.18-150300.59.124.1 * dtb-al-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Live Patching 15-SP3 (nosrc) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-default-livepatch-5.3.18-150300.59.124.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-livepatch-devel-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * kernel-livepatch-5_3_18-150300_59_124-default-1-150300.7.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-debuginfo-5.3.18-150300.59.124.1 * ocfs2-kmp-default-5.3.18-150300.59.124.1 * gfs2-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * cluster-md-kmp-default-5.3.18-150300.59.124.1 * gfs2-kmp-default-5.3.18-150300.59.124.1 * dlm-kmp-default-debuginfo-5.3.18-150300.59.124.1 * ocfs2-kmp-default-debuginfo-5.3.18-150300.59.124.1 * dlm-kmp-default-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Availability Extension 15 SP3 (nosrc) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-devel-5.3.18-150300.59.124.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-devel-5.3.18-150300.59.124.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-devel-5.3.18-150300.59.124.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-devel-5.3.18-150300.59.124.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-devel-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-devel-5.3.18-150300.59.124.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 x86_64) * kernel-preempt-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.124.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * kernel-preempt-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * SUSE Manager Proxy 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Manager Proxy 4.2 (x86_64) * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * SUSE Manager Proxy 4.2 (noarch) * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Manager Retail Branch Server 4.2 (nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (nosrc ppc64le s390x x86_64) * kernel-default-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (noarch) * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (nosrc s390x) * kernel-zfcpdump-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (s390x) * kernel-zfcpdump-debuginfo-5.3.18-150300.59.124.1 * kernel-zfcpdump-debugsource-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (nosrc x86_64) * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Manager Server 4.2 (x86_64) * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc) * kernel-64kb-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (aarch64) * kernel-64kb-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-devel-5.3.18-150300.59.124.1 * kernel-64kb-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-64kb-debugsource-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (aarch64 nosrc x86_64) * kernel-default-5.3.18-150300.59.124.1 * kernel-preempt-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * kernel-obs-build-debugsource-5.3.18-150300.59.124.1 * kernel-preempt-devel-5.3.18-150300.59.124.1 * reiserfs-kmp-default-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-syms-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * kernel-preempt-devel-debuginfo-5.3.18-150300.59.124.1 * kernel-obs-build-5.3.18-150300.59.124.1 * kernel-preempt-debuginfo-5.3.18-150300.59.124.1 * kernel-default-devel-5.3.18-150300.59.124.1 * kernel-preempt-debugsource-5.3.18-150300.59.124.1 * kernel-default-debugsource-5.3.18-150300.59.124.1 * reiserfs-kmp-default-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (noarch) * kernel-source-5.3.18-150300.59.124.1 * kernel-devel-5.3.18-150300.59.124.1 * kernel-macros-5.3.18-150300.59.124.1 * SUSE Enterprise Storage 7.1 (noarch nosrc) * kernel-docs-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.124.1 * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.124.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 nosrc s390x x86_64) * kernel-default-5.3.18-150300.59.124.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 x86_64) * kernel-default-base-5.3.18-150300.59.124.1.150300.18.72.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * kernel-default-debugsource-5.3.18-150300.59.124.1 * kernel-default-debuginfo-5.3.18-150300.59.124.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36694.html * https://www.suse.com/security/cve/CVE-2021-29650.html * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-23586.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://bugzilla.suse.com/show_bug.cgi?id=1184208 * https://bugzilla.suse.com/show_bug.cgi?id=1199636 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1208474 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211203 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211596 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:18 -0000 Subject: SUSE-SU-2023:2610-1: moderate: Security update for php8 Message-ID: <168742261827.18848.1038048817325254832@smelt2.suse.de> # Security update for php8 Announcement ID: SUSE-SU-2023:2610-1 Rating: moderate References: * #1212349 Cross-References: * CVE-2023-3247 CVSS scores: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for php8 fixes the following issues: * CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2610=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2610=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2610=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2610=1 ## Package List: * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * php8-shmop-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-8.0.29-150400.4.34.1 * php8-soap-8.0.29-150400.4.34.1 * php8-8.0.29-150400.4.34.1 * php8-openssl-8.0.29-150400.4.34.1 * php8-sysvmsg-debuginfo-8.0.29-150400.4.34.1 * php8-cli-debuginfo-8.0.29-150400.4.34.1 * php8-ldap-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-debuginfo-8.0.29-150400.4.34.1 * php8-intl-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-8.0.29-150400.4.34.1 * php8-embed-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-debuginfo-8.0.29-150400.4.34.1 * php8-sqlite-debuginfo-8.0.29-150400.4.34.1 * php8-zlib-8.0.29-150400.4.34.1 * php8-pgsql-8.0.29-150400.4.34.1 * php8-ftp-debuginfo-8.0.29-150400.4.34.1 * php8-test-8.0.29-150400.4.34.1 * php8-fpm-8.0.29-150400.4.34.1 * apache2-mod_php8-debugsource-8.0.29-150400.4.34.1 * php8-curl-debuginfo-8.0.29-150400.4.34.1 * php8-gettext-8.0.29-150400.4.34.1 * php8-sysvshm-8.0.29-150400.4.34.1 * php8-cli-8.0.29-150400.4.34.1 * php8-enchant-debuginfo-8.0.29-150400.4.34.1 * php8-debugsource-8.0.29-150400.4.34.1 * php8-mbstring-debuginfo-8.0.29-150400.4.34.1 * php8-dba-debuginfo-8.0.29-150400.4.34.1 * php8-intl-8.0.29-150400.4.34.1 * php8-pgsql-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-debuginfo-8.0.29-150400.4.34.1 * php8-posix-8.0.29-150400.4.34.1 * php8-calendar-8.0.29-150400.4.34.1 * php8-shmop-8.0.29-150400.4.34.1 * php8-sysvmsg-8.0.29-150400.4.34.1 * php8-gmp-debuginfo-8.0.29-150400.4.34.1 * php8-sysvsem-debuginfo-8.0.29-150400.4.34.1 * php8-readline-debuginfo-8.0.29-150400.4.34.1 * php8-bz2-8.0.29-150400.4.34.1 * php8-bcmath-8.0.29-150400.4.34.1 * php8-xsl-debuginfo-8.0.29-150400.4.34.1 * php8-sodium-8.0.29-150400.4.34.1 * php8-xmlreader-debuginfo-8.0.29-150400.4.34.1 * php8-calendar-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-8.0.29-150400.4.34.1 * php8-tokenizer-8.0.29-150400.4.34.1 * php8-zip-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-debuginfo-8.0.29-150400.4.34.1 * php8-opcache-8.0.29-150400.4.34.1 * php8-embed-8.0.29-150400.4.34.1 * php8-dom-8.0.29-150400.4.34.1 * php8-mysql-8.0.29-150400.4.34.1 * php8-sqlite-8.0.29-150400.4.34.1 * php8-ldap-8.0.29-150400.4.34.1 * php8-sodium-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-8.0.29-150400.4.34.1 * php8-sysvsem-8.0.29-150400.4.34.1 * php8-phar-8.0.29-150400.4.34.1 * php8-dom-debuginfo-8.0.29-150400.4.34.1 * php8-gd-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-8.0.29-150400.4.34.1 * php8-exif-8.0.29-150400.4.34.1 * php8-openssl-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-debuginfo-8.0.29-150400.4.34.1 * php8-tokenizer-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-debuginfo-8.0.29-150400.4.34.1 * php8-bcmath-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-8.0.29-150400.4.34.1 * php8-iconv-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-8.0.29-150400.4.34.1 * php8-devel-8.0.29-150400.4.34.1 * php8-soap-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debugsource-8.0.29-150400.4.34.1 * php8-phar-debuginfo-8.0.29-150400.4.34.1 * php8-fpm-debuginfo-8.0.29-150400.4.34.1 * php8-curl-8.0.29-150400.4.34.1 * php8-fpm-debugsource-8.0.29-150400.4.34.1 * php8-mysql-debuginfo-8.0.29-150400.4.34.1 * php8-readline-8.0.29-150400.4.34.1 * php8-enchant-8.0.29-150400.4.34.1 * php8-iconv-8.0.29-150400.4.34.1 * php8-embed-debugsource-8.0.29-150400.4.34.1 * php8-pdo-8.0.29-150400.4.34.1 * php8-pdo-debuginfo-8.0.29-150400.4.34.1 * php8-posix-debuginfo-8.0.29-150400.4.34.1 * php8-exif-debuginfo-8.0.29-150400.4.34.1 * php8-xsl-8.0.29-150400.4.34.1 * php8-zip-8.0.29-150400.4.34.1 * php8-odbc-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-8.0.29-150400.4.34.1 * php8-zlib-debuginfo-8.0.29-150400.4.34.1 * php8-debuginfo-8.0.29-150400.4.34.1 * php8-dba-8.0.29-150400.4.34.1 * php8-sysvshm-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-8.0.29-150400.4.34.1 * php8-ftp-8.0.29-150400.4.34.1 * php8-xmlreader-8.0.29-150400.4.34.1 * php8-bz2-debuginfo-8.0.29-150400.4.34.1 * php8-mbstring-8.0.29-150400.4.34.1 * php8-gmp-8.0.29-150400.4.34.1 * php8-gd-8.0.29-150400.4.34.1 * php8-gettext-debuginfo-8.0.29-150400.4.34.1 * php8-odbc-8.0.29-150400.4.34.1 * php8-opcache-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-debuginfo-8.0.29-150400.4.34.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * php8-shmop-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-8.0.29-150400.4.34.1 * php8-soap-8.0.29-150400.4.34.1 * php8-8.0.29-150400.4.34.1 * php8-openssl-8.0.29-150400.4.34.1 * php8-sysvmsg-debuginfo-8.0.29-150400.4.34.1 * php8-cli-debuginfo-8.0.29-150400.4.34.1 * php8-ldap-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-debuginfo-8.0.29-150400.4.34.1 * php8-intl-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-8.0.29-150400.4.34.1 * php8-embed-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-debuginfo-8.0.29-150400.4.34.1 * php8-sqlite-debuginfo-8.0.29-150400.4.34.1 * php8-zlib-8.0.29-150400.4.34.1 * php8-pgsql-8.0.29-150400.4.34.1 * php8-ftp-debuginfo-8.0.29-150400.4.34.1 * php8-test-8.0.29-150400.4.34.1 * php8-fpm-8.0.29-150400.4.34.1 * apache2-mod_php8-debugsource-8.0.29-150400.4.34.1 * php8-curl-debuginfo-8.0.29-150400.4.34.1 * php8-gettext-8.0.29-150400.4.34.1 * php8-sysvshm-8.0.29-150400.4.34.1 * php8-cli-8.0.29-150400.4.34.1 * php8-enchant-debuginfo-8.0.29-150400.4.34.1 * php8-debugsource-8.0.29-150400.4.34.1 * php8-mbstring-debuginfo-8.0.29-150400.4.34.1 * php8-dba-debuginfo-8.0.29-150400.4.34.1 * php8-intl-8.0.29-150400.4.34.1 * php8-pgsql-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-debuginfo-8.0.29-150400.4.34.1 * php8-posix-8.0.29-150400.4.34.1 * php8-calendar-8.0.29-150400.4.34.1 * php8-shmop-8.0.29-150400.4.34.1 * php8-sysvmsg-8.0.29-150400.4.34.1 * php8-gmp-debuginfo-8.0.29-150400.4.34.1 * php8-sysvsem-debuginfo-8.0.29-150400.4.34.1 * php8-readline-debuginfo-8.0.29-150400.4.34.1 * php8-bz2-8.0.29-150400.4.34.1 * php8-bcmath-8.0.29-150400.4.34.1 * php8-xsl-debuginfo-8.0.29-150400.4.34.1 * php8-sodium-8.0.29-150400.4.34.1 * php8-xmlreader-debuginfo-8.0.29-150400.4.34.1 * php8-calendar-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-8.0.29-150400.4.34.1 * php8-tokenizer-8.0.29-150400.4.34.1 * php8-zip-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-debuginfo-8.0.29-150400.4.34.1 * php8-opcache-8.0.29-150400.4.34.1 * php8-embed-8.0.29-150400.4.34.1 * php8-dom-8.0.29-150400.4.34.1 * php8-mysql-8.0.29-150400.4.34.1 * php8-sqlite-8.0.29-150400.4.34.1 * php8-ldap-8.0.29-150400.4.34.1 * php8-sodium-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-8.0.29-150400.4.34.1 * php8-sysvsem-8.0.29-150400.4.34.1 * php8-phar-8.0.29-150400.4.34.1 * php8-dom-debuginfo-8.0.29-150400.4.34.1 * php8-gd-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-8.0.29-150400.4.34.1 * php8-exif-8.0.29-150400.4.34.1 * php8-openssl-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-debuginfo-8.0.29-150400.4.34.1 * php8-tokenizer-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-debuginfo-8.0.29-150400.4.34.1 * php8-bcmath-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-8.0.29-150400.4.34.1 * php8-iconv-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-8.0.29-150400.4.34.1 * php8-devel-8.0.29-150400.4.34.1 * php8-soap-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debugsource-8.0.29-150400.4.34.1 * php8-phar-debuginfo-8.0.29-150400.4.34.1 * php8-fpm-debuginfo-8.0.29-150400.4.34.1 * php8-curl-8.0.29-150400.4.34.1 * php8-fpm-debugsource-8.0.29-150400.4.34.1 * php8-mysql-debuginfo-8.0.29-150400.4.34.1 * php8-readline-8.0.29-150400.4.34.1 * php8-enchant-8.0.29-150400.4.34.1 * php8-iconv-8.0.29-150400.4.34.1 * php8-embed-debugsource-8.0.29-150400.4.34.1 * php8-pdo-8.0.29-150400.4.34.1 * php8-pdo-debuginfo-8.0.29-150400.4.34.1 * php8-posix-debuginfo-8.0.29-150400.4.34.1 * php8-exif-debuginfo-8.0.29-150400.4.34.1 * php8-xsl-8.0.29-150400.4.34.1 * php8-zip-8.0.29-150400.4.34.1 * php8-odbc-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-8.0.29-150400.4.34.1 * php8-zlib-debuginfo-8.0.29-150400.4.34.1 * php8-debuginfo-8.0.29-150400.4.34.1 * php8-dba-8.0.29-150400.4.34.1 * php8-sysvshm-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-8.0.29-150400.4.34.1 * php8-ftp-8.0.29-150400.4.34.1 * php8-xmlreader-8.0.29-150400.4.34.1 * php8-bz2-debuginfo-8.0.29-150400.4.34.1 * php8-mbstring-8.0.29-150400.4.34.1 * php8-gmp-8.0.29-150400.4.34.1 * php8-gd-8.0.29-150400.4.34.1 * php8-gettext-debuginfo-8.0.29-150400.4.34.1 * php8-odbc-8.0.29-150400.4.34.1 * php8-opcache-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-debuginfo-8.0.29-150400.4.34.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * php8-shmop-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-8.0.29-150400.4.34.1 * php8-soap-8.0.29-150400.4.34.1 * php8-8.0.29-150400.4.34.1 * php8-openssl-8.0.29-150400.4.34.1 * php8-sysvmsg-debuginfo-8.0.29-150400.4.34.1 * php8-cli-debuginfo-8.0.29-150400.4.34.1 * php8-ldap-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-debuginfo-8.0.29-150400.4.34.1 * php8-intl-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-8.0.29-150400.4.34.1 * php8-embed-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-debuginfo-8.0.29-150400.4.34.1 * php8-sqlite-debuginfo-8.0.29-150400.4.34.1 * php8-zlib-8.0.29-150400.4.34.1 * php8-pgsql-8.0.29-150400.4.34.1 * php8-ftp-debuginfo-8.0.29-150400.4.34.1 * php8-test-8.0.29-150400.4.34.1 * php8-fpm-8.0.29-150400.4.34.1 * apache2-mod_php8-debugsource-8.0.29-150400.4.34.1 * php8-curl-debuginfo-8.0.29-150400.4.34.1 * php8-gettext-8.0.29-150400.4.34.1 * php8-sysvshm-8.0.29-150400.4.34.1 * php8-cli-8.0.29-150400.4.34.1 * php8-enchant-debuginfo-8.0.29-150400.4.34.1 * php8-debugsource-8.0.29-150400.4.34.1 * php8-mbstring-debuginfo-8.0.29-150400.4.34.1 * php8-dba-debuginfo-8.0.29-150400.4.34.1 * php8-intl-8.0.29-150400.4.34.1 * php8-pgsql-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-debuginfo-8.0.29-150400.4.34.1 * php8-posix-8.0.29-150400.4.34.1 * php8-calendar-8.0.29-150400.4.34.1 * php8-shmop-8.0.29-150400.4.34.1 * php8-sysvmsg-8.0.29-150400.4.34.1 * php8-gmp-debuginfo-8.0.29-150400.4.34.1 * php8-sysvsem-debuginfo-8.0.29-150400.4.34.1 * php8-readline-debuginfo-8.0.29-150400.4.34.1 * php8-bz2-8.0.29-150400.4.34.1 * php8-bcmath-8.0.29-150400.4.34.1 * php8-xsl-debuginfo-8.0.29-150400.4.34.1 * php8-sodium-8.0.29-150400.4.34.1 * php8-xmlreader-debuginfo-8.0.29-150400.4.34.1 * php8-calendar-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-8.0.29-150400.4.34.1 * php8-tokenizer-8.0.29-150400.4.34.1 * php8-zip-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-debuginfo-8.0.29-150400.4.34.1 * php8-opcache-8.0.29-150400.4.34.1 * php8-embed-8.0.29-150400.4.34.1 * php8-dom-8.0.29-150400.4.34.1 * php8-mysql-8.0.29-150400.4.34.1 * php8-sqlite-8.0.29-150400.4.34.1 * php8-ldap-8.0.29-150400.4.34.1 * php8-sodium-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-8.0.29-150400.4.34.1 * php8-sysvsem-8.0.29-150400.4.34.1 * php8-phar-8.0.29-150400.4.34.1 * php8-dom-debuginfo-8.0.29-150400.4.34.1 * php8-gd-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-8.0.29-150400.4.34.1 * php8-exif-8.0.29-150400.4.34.1 * php8-openssl-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-debuginfo-8.0.29-150400.4.34.1 * php8-tokenizer-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-debuginfo-8.0.29-150400.4.34.1 * php8-bcmath-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-8.0.29-150400.4.34.1 * php8-iconv-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-8.0.29-150400.4.34.1 * php8-devel-8.0.29-150400.4.34.1 * php8-soap-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debugsource-8.0.29-150400.4.34.1 * php8-phar-debuginfo-8.0.29-150400.4.34.1 * php8-fpm-debuginfo-8.0.29-150400.4.34.1 * php8-curl-8.0.29-150400.4.34.1 * php8-fpm-debugsource-8.0.29-150400.4.34.1 * php8-mysql-debuginfo-8.0.29-150400.4.34.1 * php8-readline-8.0.29-150400.4.34.1 * php8-enchant-8.0.29-150400.4.34.1 * php8-iconv-8.0.29-150400.4.34.1 * php8-embed-debugsource-8.0.29-150400.4.34.1 * php8-pdo-8.0.29-150400.4.34.1 * php8-pdo-debuginfo-8.0.29-150400.4.34.1 * php8-posix-debuginfo-8.0.29-150400.4.34.1 * php8-exif-debuginfo-8.0.29-150400.4.34.1 * php8-xsl-8.0.29-150400.4.34.1 * php8-zip-8.0.29-150400.4.34.1 * php8-odbc-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-8.0.29-150400.4.34.1 * php8-zlib-debuginfo-8.0.29-150400.4.34.1 * php8-debuginfo-8.0.29-150400.4.34.1 * php8-dba-8.0.29-150400.4.34.1 * php8-sysvshm-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-8.0.29-150400.4.34.1 * php8-ftp-8.0.29-150400.4.34.1 * php8-xmlreader-8.0.29-150400.4.34.1 * php8-bz2-debuginfo-8.0.29-150400.4.34.1 * php8-mbstring-8.0.29-150400.4.34.1 * php8-gmp-8.0.29-150400.4.34.1 * php8-gd-8.0.29-150400.4.34.1 * php8-gettext-debuginfo-8.0.29-150400.4.34.1 * php8-odbc-8.0.29-150400.4.34.1 * php8-opcache-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-debuginfo-8.0.29-150400.4.34.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * php8-shmop-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-8.0.29-150400.4.34.1 * php8-soap-8.0.29-150400.4.34.1 * php8-8.0.29-150400.4.34.1 * php8-openssl-8.0.29-150400.4.34.1 * php8-sysvmsg-debuginfo-8.0.29-150400.4.34.1 * php8-cli-debuginfo-8.0.29-150400.4.34.1 * php8-ldap-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-debuginfo-8.0.29-150400.4.34.1 * php8-intl-debuginfo-8.0.29-150400.4.34.1 * php8-pcntl-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-8.0.29-150400.4.34.1 * php8-embed-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-debuginfo-8.0.29-150400.4.34.1 * php8-sqlite-debuginfo-8.0.29-150400.4.34.1 * php8-zlib-8.0.29-150400.4.34.1 * php8-pgsql-8.0.29-150400.4.34.1 * php8-ftp-debuginfo-8.0.29-150400.4.34.1 * php8-test-8.0.29-150400.4.34.1 * php8-fpm-8.0.29-150400.4.34.1 * apache2-mod_php8-debugsource-8.0.29-150400.4.34.1 * php8-curl-debuginfo-8.0.29-150400.4.34.1 * php8-gettext-8.0.29-150400.4.34.1 * php8-sysvshm-8.0.29-150400.4.34.1 * php8-cli-8.0.29-150400.4.34.1 * php8-enchant-debuginfo-8.0.29-150400.4.34.1 * php8-debugsource-8.0.29-150400.4.34.1 * php8-mbstring-debuginfo-8.0.29-150400.4.34.1 * php8-dba-debuginfo-8.0.29-150400.4.34.1 * php8-intl-8.0.29-150400.4.34.1 * php8-pgsql-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-debuginfo-8.0.29-150400.4.34.1 * php8-posix-8.0.29-150400.4.34.1 * php8-calendar-8.0.29-150400.4.34.1 * php8-shmop-8.0.29-150400.4.34.1 * php8-sysvmsg-8.0.29-150400.4.34.1 * php8-gmp-debuginfo-8.0.29-150400.4.34.1 * php8-sysvsem-debuginfo-8.0.29-150400.4.34.1 * php8-readline-debuginfo-8.0.29-150400.4.34.1 * php8-bz2-8.0.29-150400.4.34.1 * php8-bcmath-8.0.29-150400.4.34.1 * php8-xsl-debuginfo-8.0.29-150400.4.34.1 * php8-sodium-8.0.29-150400.4.34.1 * php8-xmlreader-debuginfo-8.0.29-150400.4.34.1 * php8-calendar-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-8.0.29-150400.4.34.1 * php8-tokenizer-8.0.29-150400.4.34.1 * php8-zip-debuginfo-8.0.29-150400.4.34.1 * php8-sockets-debuginfo-8.0.29-150400.4.34.1 * php8-opcache-8.0.29-150400.4.34.1 * php8-embed-8.0.29-150400.4.34.1 * php8-dom-8.0.29-150400.4.34.1 * php8-mysql-8.0.29-150400.4.34.1 * php8-sqlite-8.0.29-150400.4.34.1 * php8-ldap-8.0.29-150400.4.34.1 * php8-sodium-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-8.0.29-150400.4.34.1 * php8-sysvsem-8.0.29-150400.4.34.1 * php8-phar-8.0.29-150400.4.34.1 * php8-dom-debuginfo-8.0.29-150400.4.34.1 * php8-gd-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-8.0.29-150400.4.34.1 * php8-exif-8.0.29-150400.4.34.1 * php8-openssl-debuginfo-8.0.29-150400.4.34.1 * php8-snmp-debuginfo-8.0.29-150400.4.34.1 * php8-tokenizer-debuginfo-8.0.29-150400.4.34.1 * php8-ctype-debuginfo-8.0.29-150400.4.34.1 * php8-bcmath-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debuginfo-8.0.29-150400.4.34.1 * php8-tidy-8.0.29-150400.4.34.1 * php8-iconv-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-8.0.29-150400.4.34.1 * php8-devel-8.0.29-150400.4.34.1 * php8-soap-debuginfo-8.0.29-150400.4.34.1 * php8-fastcgi-debugsource-8.0.29-150400.4.34.1 * php8-phar-debuginfo-8.0.29-150400.4.34.1 * php8-fpm-debuginfo-8.0.29-150400.4.34.1 * php8-curl-8.0.29-150400.4.34.1 * php8-fpm-debugsource-8.0.29-150400.4.34.1 * php8-mysql-debuginfo-8.0.29-150400.4.34.1 * php8-readline-8.0.29-150400.4.34.1 * php8-enchant-8.0.29-150400.4.34.1 * php8-iconv-8.0.29-150400.4.34.1 * php8-embed-debugsource-8.0.29-150400.4.34.1 * php8-pdo-8.0.29-150400.4.34.1 * php8-pdo-debuginfo-8.0.29-150400.4.34.1 * php8-posix-debuginfo-8.0.29-150400.4.34.1 * php8-exif-debuginfo-8.0.29-150400.4.34.1 * php8-xsl-8.0.29-150400.4.34.1 * php8-zip-8.0.29-150400.4.34.1 * php8-odbc-debuginfo-8.0.29-150400.4.34.1 * apache2-mod_php8-8.0.29-150400.4.34.1 * php8-zlib-debuginfo-8.0.29-150400.4.34.1 * php8-debuginfo-8.0.29-150400.4.34.1 * php8-dba-8.0.29-150400.4.34.1 * php8-sysvshm-debuginfo-8.0.29-150400.4.34.1 * php8-fileinfo-8.0.29-150400.4.34.1 * php8-ftp-8.0.29-150400.4.34.1 * php8-xmlreader-8.0.29-150400.4.34.1 * php8-bz2-debuginfo-8.0.29-150400.4.34.1 * php8-mbstring-8.0.29-150400.4.34.1 * php8-gmp-8.0.29-150400.4.34.1 * php8-gd-8.0.29-150400.4.34.1 * php8-gettext-debuginfo-8.0.29-150400.4.34.1 * php8-odbc-8.0.29-150400.4.34.1 * php8-opcache-debuginfo-8.0.29-150400.4.34.1 * php8-xmlwriter-debuginfo-8.0.29-150400.4.34.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3247.html * https://bugzilla.suse.com/show_bug.cgi?id=1212349 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:20 -0000 Subject: SUSE-SU-2023:2609-1: moderate: Security update for ntp Message-ID: <168742262096.18848.8969294719564688017@smelt2.suse.de> # Security update for ntp Announcement ID: SUSE-SU-2023:2609-1 Rating: moderate References: * #1210390 Cross-References: * CVE-2023-26555 CVSS scores: * CVE-2023-26555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26555 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for ntp fixes the following issues: ntp was updated to 4.2.8p17: * Fix some regressions of 4.2.8p16 Update to 4.2.8p16: * [Sec 3808] Assertion failure in ntpq on malformed RT-11 date * [Sec 3807], bsc#1210390, CVE-2023-26555: praecis_parse() in the Palisade refclock driver has a hypothetical input buffer overflow. * [Sec 3767] An OOB KoD RATE value triggers an assertion when debug is enabled. * Multiple bug fixes and improvements. For details, see /usr/share/doc/packages/ntp/ChangeLog http://www.ntp.org/support/securitynotice/4_2_8-series-changelog/ * CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2609=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2609=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2609=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * ntp-4.2.8p17-103.1 * ntp-debugsource-4.2.8p17-103.1 * ntp-debuginfo-4.2.8p17-103.1 * ntp-doc-4.2.8p17-103.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * ntp-4.2.8p17-103.1 * ntp-debugsource-4.2.8p17-103.1 * ntp-debuginfo-4.2.8p17-103.1 * ntp-doc-4.2.8p17-103.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * ntp-4.2.8p17-103.1 * ntp-debugsource-4.2.8p17-103.1 * ntp-debuginfo-4.2.8p17-103.1 * ntp-doc-4.2.8p17-103.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26555.html * https://bugzilla.suse.com/show_bug.cgi?id=1210390 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:23 -0000 Subject: SUSE-SU-2023:2608-1: moderate: Security update for ntp Message-ID: <168742262320.18848.11143381378739975930@smelt2.suse.de> # Security update for ntp Announcement ID: SUSE-SU-2023:2608-1 Rating: moderate References: * #1210390 Cross-References: * CVE-2023-26555 CVSS scores: * CVE-2023-26555 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26555 ( NVD ): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * Legacy Module 15-SP4 * Legacy Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for ntp fixes the following issues: * CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2608=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2608=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2608=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2608=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * ntp-4.2.8p17-150000.4.25.1 * ntp-debuginfo-4.2.8p17-150000.4.25.1 * ntp-doc-4.2.8p17-150000.4.25.1 * ntp-debugsource-4.2.8p17-150000.4.25.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * ntp-4.2.8p17-150000.4.25.1 * ntp-debuginfo-4.2.8p17-150000.4.25.1 * ntp-doc-4.2.8p17-150000.4.25.1 * ntp-debugsource-4.2.8p17-150000.4.25.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * ntp-4.2.8p17-150000.4.25.1 * ntp-debuginfo-4.2.8p17-150000.4.25.1 * ntp-debugsource-4.2.8p17-150000.4.25.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * ntp-4.2.8p17-150000.4.25.1 * ntp-debuginfo-4.2.8p17-150000.4.25.1 * ntp-debugsource-4.2.8p17-150000.4.25.1 ## References: * https://www.suse.com/security/cve/CVE-2023-26555.html * https://bugzilla.suse.com/show_bug.cgi?id=1210390 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:26 -0000 Subject: SUSE-SU-2023:2607-1: important: Security update for webkit2gtk3 Message-ID: <168742262652.18848.12612740690471313582@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2607-1 Rating: important References: * #1211658 * #1211659 * #1211846 Cross-References: * CVE-2023-28204 * CVE-2023-32373 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2607=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2607=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2607=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2607=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2607=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2607=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2607=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2607=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2607=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2607=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2607=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2607=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2607=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2607=1 ## Package List: * openSUSE Leap 15.4 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Manager Proxy 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * SUSE Manager Proxy 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Manager Retail Branch Server 4.2 (x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * SUSE Manager Server 4.2 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Enterprise Storage 7.1 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 * SUSE Enterprise Storage 7 (aarch64 x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-2.38.6-150200.75.2 * webkit2gtk-4_0-injected-bundles-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-2.38.6-150200.75.2 * typelib-1_0-WebKit2-4_0-2.38.6-150200.75.2 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150200.75.2 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150200.75.2 * webkit2gtk3-debugsource-2.38.6-150200.75.2 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150200.75.2 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150200.75.2 * webkit2gtk3-devel-2.38.6-150200.75.2 * SUSE Enterprise Storage 7 (noarch) * libwebkit2gtk3-lang-2.38.6-150200.75.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28204.html * https://www.suse.com/security/cve/CVE-2023-32373.html * https://bugzilla.suse.com/show_bug.cgi?id=1211658 * https://bugzilla.suse.com/show_bug.cgi?id=1211659 * https://bugzilla.suse.com/show_bug.cgi?id=1211846 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:29 -0000 Subject: SUSE-SU-2023:2606-1: important: Security update for webkit2gtk3 Message-ID: <168742262964.18848.14019289851316406135@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2606-1 Rating: important References: * #1211658 * #1211659 * #1211846 Cross-References: * CVE-2023-28204 * CVE-2023-32373 CVSS scores: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2606=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2606=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2606=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2606=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2606=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2606=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2606=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2606=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2606=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2606=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE OpenStack Cloud 9 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-devel-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-devel-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-2.139.1 * typelib-1_0-WebKit2-4_0-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-2.139.1 * typelib-1_0-JavaScriptCore-4_0-2.38.6-2.139.1 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-2.139.1 * webkit2gtk3-debugsource-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-2.38.6-2.139.1 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-2.139.1 * libwebkit2gtk-4_0-37-2.38.6-2.139.1 * libjavascriptcoregtk-4_0-18-2.38.6-2.139.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * libwebkit2gtk3-lang-2.38.6-2.139.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28204.html * https://www.suse.com/security/cve/CVE-2023-32373.html * https://bugzilla.suse.com/show_bug.cgi?id=1211658 * https://bugzilla.suse.com/show_bug.cgi?id=1211659 * https://bugzilla.suse.com/show_bug.cgi?id=1211846 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:32 -0000 Subject: SUSE-SU-2023:2605-1: important: Security update for bluez Message-ID: <168742263210.18848.16040146394613325338@smelt2.suse.de> # Security update for bluez Announcement ID: SUSE-SU-2023:2605-1 Rating: important References: * #1210398 Cross-References: * CVE-2023-27349 CVSS scores: * CVE-2023-27349 ( SUSE ): 8.0 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Desktop Applications Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for bluez fixes the following issues: * CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2605=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2605=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2605=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2605=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2605=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2605=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2605=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2605=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2605=1 ## Package List: * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bluez-debugsource-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * bluez-devel-5.62-150400.4.13.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * bluez-cups-5.62-150400.4.13.1 * bluez-debugsource-5.62-150400.4.13.1 * bluez-cups-debuginfo-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * openSUSE Leap Micro 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * bluez-cups-5.62-150400.4.13.1 * bluez-5.62-150400.4.13.1 * bluez-devel-5.62-150400.4.13.1 * bluez-test-5.62-150400.4.13.1 * bluez-debugsource-5.62-150400.4.13.1 * bluez-test-debuginfo-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * bluez-cups-debuginfo-5.62-150400.4.13.1 * bluez-deprecated-5.62-150400.4.13.1 * libbluetooth3-debuginfo-5.62-150400.4.13.1 * bluez-deprecated-debuginfo-5.62-150400.4.13.1 * openSUSE Leap 15.4 (noarch) * bluez-auto-enable-devices-5.62-150400.4.13.1 * openSUSE Leap 15.4 (x86_64) * libbluetooth3-32bit-5.62-150400.4.13.1 * libbluetooth3-32bit-debuginfo-5.62-150400.4.13.1 * bluez-devel-32bit-5.62-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libbluetooth3-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * bluez-debugsource-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * libbluetooth3-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * bluez-debugsource-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * libbluetooth3-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bluez-5.62-150400.4.13.1 * bluez-debugsource-5.62-150400.4.13.1 * bluez-debuginfo-5.62-150400.4.13.1 * libbluetooth3-5.62-150400.4.13.1 * bluez-deprecated-5.62-150400.4.13.1 * libbluetooth3-debuginfo-5.62-150400.4.13.1 * bluez-deprecated-debuginfo-5.62-150400.4.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-27349.html * https://bugzilla.suse.com/show_bug.cgi?id=1210398 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:34 -0000 Subject: SUSE-SU-2023:2604-1: moderate: Security update for open-vm-tools Message-ID: <168742263484.18848.6954754934596221527@smelt2.suse.de> # Security update for open-vm-tools Announcement ID: SUSE-SU-2023:2604-1 Rating: moderate References: * #1210695 * #1212143 Cross-References: * CVE-2023-20867 CVSS scores: * CVE-2023-20867 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N * CVE-2023-20867 ( NVD ): 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for open-vm-tools fixes the following issues: * CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143). Bug fixes: * Fixed build problem with grpc 1.54 (bsc#1210695). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2604=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2604=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2604=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2604=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2604=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2604=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2604=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2604=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2604=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2604=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2604=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2604=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2604=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2604=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2604=1 ## Package List: * openSUSE Leap Micro 5.3 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * openSUSE Leap 15.4 (aarch64 x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * openSUSE Leap 15.4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.29.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * openSUSE Leap 15.5 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro 5.3 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro 5.4 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * Basesystem Module 15-SP4 (aarch64 x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * Basesystem Module 15-SP4 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.29.1 * Basesystem Module 15-SP5 (aarch64 x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * Basesystem Module 15-SP5 (x86_64) * open-vm-tools-salt-minion-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * Desktop Applications Module 15-SP4 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * Desktop Applications Module 15-SP5 (aarch64 x86_64) * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * open-vm-tools-sdmp-12.2.0-150300.29.1 * libvmtools-devel-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-desktop-12.2.0-150300.29.1 * open-vm-tools-desktop-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-sdmp-debuginfo-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro 5.1 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro 5.2 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64) * libvmtools0-12.2.0-150300.29.1 * open-vm-tools-debuginfo-12.2.0-150300.29.1 * libvmtools0-debuginfo-12.2.0-150300.29.1 * open-vm-tools-12.2.0-150300.29.1 * open-vm-tools-debugsource-12.2.0-150300.29.1 ## References: * https://www.suse.com/security/cve/CVE-2023-20867.html * https://bugzilla.suse.com/show_bug.cgi?id=1210695 * https://bugzilla.suse.com/show_bug.cgi?id=1212143 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 08:30:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 08:30:37 -0000 Subject: SUSE-SU-2023:2603-1: moderate: Security update for rustup Message-ID: <168742263787.18848.9164641569986772741@smelt2.suse.de> # Security update for rustup Announcement ID: SUSE-SU-2023:2603-1 Rating: moderate References: * #1208552 * #1210345 Cross-References: * CVE-2022-31394 * CVE-2023-26964 CVSS scores: * CVE-2022-31394 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2022-31394 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-26964 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-26964 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for rustup fixes the following issues: * CVE-2022-31394: Fixed possible HTTP2 attacks by specifying the HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE (bsc#1208552). * CVE-2023-26964: Fixed high memory and CPU usage when stream stacking occurs when H2 processes HTTP2 RST_STREAM frames (bsc#1210345). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2603=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2603=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2603=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2603=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * rustup-1.26.0~0-150400.3.7.1 * rustup-debugsource-1.26.0~0-150400.3.7.1 * rustup-debuginfo-1.26.0~0-150400.3.7.1 * openSUSE Leap 15.5 (aarch64 x86_64) * rustup-1.26.0~0-150400.3.7.1 * rustup-debugsource-1.26.0~0-150400.3.7.1 * rustup-debuginfo-1.26.0~0-150400.3.7.1 * Development Tools Module 15-SP4 (aarch64 x86_64) * rustup-1.26.0~0-150400.3.7.1 * rustup-debugsource-1.26.0~0-150400.3.7.1 * rustup-debuginfo-1.26.0~0-150400.3.7.1 * Development Tools Module 15-SP5 (aarch64 x86_64) * rustup-1.26.0~0-150400.3.7.1 * rustup-debugsource-1.26.0~0-150400.3.7.1 * rustup-debuginfo-1.26.0~0-150400.3.7.1 ## References: * https://www.suse.com/security/cve/CVE-2022-31394.html * https://www.suse.com/security/cve/CVE-2023-26964.html * https://bugzilla.suse.com/show_bug.cgi?id=1208552 * https://bugzilla.suse.com/show_bug.cgi?id=1210345 * https://jira.suse.com/browse/SLE-18626 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 16:30:06 -0000 Subject: SUSE-RU-2023:2615-1: important: Recommended update for mdadm Message-ID: <168745140694.7696.2173033168954730824@smelt2.suse.de> # Recommended update for mdadm Announcement ID: SUSE-RU-2023:2615-1 Rating: important References: * #1208618 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for mdadm fixes the following issues: * Grow: fix possible memory leak (bsc#1208618) * Use source code mdadm-4.2.tar.xz from kernel.org version for checksum ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2615=1 openSUSE-SLE-15.5-2023-2615=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2615=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * mdadm-4.2-150500.6.3.1 * mdadm-debuginfo-4.2-150500.6.3.1 * mdadm-debugsource-4.2-150500.6.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * mdadm-4.2-150500.6.3.1 * mdadm-debuginfo-4.2-150500.6.3.1 * mdadm-debugsource-4.2-150500.6.3.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208618 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2616-1: important: Security update for cups Message-ID: <168745140460.7696.5654194869051761859@smelt2.suse.de> # Security update for cups Announcement ID: SUSE-SU-2023:2616-1 Rating: important References: * #1212230 Cross-References: * CVE-2023-34241 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for cups fixes the following issues: * CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2616=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2616=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2616=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2616=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2616=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2616=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2616=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2616=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2616=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2616=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2616=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2616=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2616=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2616=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2616=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2616=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2616=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2616=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2616=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2616=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2616=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2616=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2616=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2616=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2616=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2616=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2616=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2616=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * openSUSE Leap 15.4 (x86_64) * libcupscgi1-32bit-2.2.7-150000.3.46.1 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-32bit-2.2.7-150000.3.46.1 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-32bit-2.2.7-150000.3.46.1 * cups-devel-32bit-2.2.7-150000.3.46.1 * libcupsimage2-32bit-2.2.7-150000.3.46.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * openSUSE Leap 15.5 (x86_64) * libcupscgi1-32bit-2.2.7-150000.3.46.1 * libcupscgi1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-32bit-2.2.7-150000.3.46.1 * libcupsppdc1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-32bit-2.2.7-150000.3.46.1 * cups-devel-32bit-2.2.7-150000.3.46.1 * libcupsimage2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * Basesystem Module 15-SP4 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * Desktop Applications Module 15-SP5 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cups-ddk-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cups-ddk-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Manager Proxy 4.2 (x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * SUSE Manager Server 4.2 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Enterprise Storage 7.1 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * cups-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * SUSE Enterprise Storage 7 (x86_64) * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * SUSE CaaS Platform 4.0 (x86_64) * cups-client-debuginfo-2.2.7-150000.3.46.1 * libcupscgi1-debuginfo-2.2.7-150000.3.46.1 * cups-client-2.2.7-150000.3.46.1 * cups-devel-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-debuginfo-2.2.7-150000.3.46.1 * cups-ddk-2.2.7-150000.3.46.1 * libcupscgi1-2.2.7-150000.3.46.1 * libcupsppdc1-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * libcupsimage2-2.2.7-150000.3.46.1 * cups-2.2.7-150000.3.46.1 * libcupsmime1-2.2.7-150000.3.46.1 * libcups2-32bit-2.2.7-150000.3.46.1 * libcups2-32bit-debuginfo-2.2.7-150000.3.46.1 * libcupsmime1-debuginfo-2.2.7-150000.3.46.1 * libcupsimage2-debuginfo-2.2.7-150000.3.46.1 * libcupsppdc1-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libcups2-2.2.7-150000.3.46.1 * cups-config-2.2.7-150000.3.46.1 * cups-debugsource-2.2.7-150000.3.46.1 * cups-debuginfo-2.2.7-150000.3.46.1 * libcups2-debuginfo-2.2.7-150000.3.46.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34241.html * https://bugzilla.suse.com/show_bug.cgi?id=1212230 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2614-1: important: Security update for libX11 Message-ID: <168745141011.7696.18428432074669748512@smelt2.suse.de> # Security update for libX11 Announcement ID: SUSE-SU-2023:2614-1 Rating: important References: * #1212102 Cross-References: * CVE-2023-3138 CVSS scores: * CVE-2023-3138 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for libX11 fixes the following issues: * CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2614=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2614=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2614=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2614=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2614=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2614=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2614=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2614=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2614=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2614=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2614=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2614=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2614=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2614=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2614=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2614=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2614=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2614=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2614=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2614=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2614=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2614=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2614=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2614=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2614=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * openSUSE Leap Micro 5.3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * openSUSE Leap 15.4 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-devel-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * openSUSE Leap 15.4 (noarch) * libX11-data-1.6.5-150000.3.30.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * openSUSE Leap 15.5 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-devel-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * openSUSE Leap 15.5 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libX11-data-1.6.5-150000.3.30.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * Basesystem Module 15-SP4 (noarch) * libX11-data-1.6.5-150000.3.30.1 * Basesystem Module 15-SP4 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * Basesystem Module 15-SP5 (noarch) * libX11-data-1.6.5-150000.3.30.1 * Basesystem Module 15-SP5 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Manager Proxy 4.2 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Manager Proxy 4.2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Manager Server 4.2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Manager Server 4.2 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7.1 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7.1 (x86_64) * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Enterprise Storage 7 (x86_64) * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * SUSE CaaS Platform 4.0 (x86_64) * libX11-xcb1-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-6-32bit-1.6.5-150000.3.30.1 * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-devel-1.6.5-150000.3.30.1 * libX11-6-32bit-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-xcb1-32bit-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE CaaS Platform 4.0 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * libX11-data-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libX11-xcb1-debuginfo-1.6.5-150000.3.30.1 * libX11-6-debuginfo-1.6.5-150000.3.30.1 * libX11-xcb1-1.6.5-150000.3.30.1 * libX11-debugsource-1.6.5-150000.3.30.1 * libX11-6-1.6.5-150000.3.30.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * libX11-data-1.6.5-150000.3.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-3138.html * https://bugzilla.suse.com/show_bug.cgi?id=1212102 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 22 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 22 Jun 2023 20:30:02 -0000 Subject: SUSE-RU-2023:2336-2: moderate: Recommended update for lsvpd Message-ID: <168746580273.27953.3534683190026041138@smelt2.suse.de> # Recommended update for lsvpd Announcement ID: SUSE-RU-2023:2336-2 Rating: moderate References: * #1208122 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lsvpd fixes the following issues: * Fix NVMe information parsing with newer firmware (bsc#1208122) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2336=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2336=1 ## Package List: * openSUSE Leap 15.5 (ppc64le) * lsvpd-debuginfo-1.7.14-150400.3.10.1 * lsvpd-1.7.14-150400.3.10.1 * lsvpd-debugsource-1.7.14-150400.3.10.1 * Basesystem Module 15-SP5 (ppc64le) * lsvpd-debuginfo-1.7.14-150400.3.10.1 * lsvpd-1.7.14-150400.3.10.1 * lsvpd-debugsource-1.7.14-150400.3.10.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208122 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 07:05:01 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:01 +0200 (CEST) Subject: SUSE-CU-2023:2092-1: Security update of bci/openjdk-devel Message-ID: <20230623070501.B094FF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2092-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-6.9 Container Release : 6.9 Severity : important Type : security References : 1212102 CVE-2023-3138 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2614-1 Released: Thu Jun 22 14:02:30 2023 Summary: Security update for libX11 Type: security Severity: important References: 1212102,CVE-2023-3138 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). The following package changes have been done: - libX11-data-1.6.5-150000.3.30.1 updated - libX11-6-1.6.5-150000.3.30.1 updated - container:bci-openjdk-11-15.5.11-7.5 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:04 +0200 (CEST) Subject: SUSE-CU-2023:2093-1: Security update of bci/openjdk Message-ID: <20230623070504.4A490F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2093-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-7.5 Container Release : 7.5 Severity : important Type : security References : 1212102 CVE-2023-3138 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2614-1 Released: Thu Jun 22 14:02:30 2023 Summary: Security update for libX11 Type: security Severity: important References: 1212102,CVE-2023-3138 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). The following package changes have been done: - libX11-data-1.6.5-150000.3.30.1 updated - libX11-6-1.6.5-150000.3.30.1 updated - container:sles15-image-15.0.0-36.5.5 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:07 +0200 (CEST) Subject: SUSE-CU-2023:2094-1: Security update of bci/openjdk-devel Message-ID: <20230623070507.70A25F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2094-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-8.8 , bci/openjdk-devel:latest Container Release : 8.8 Severity : important Type : security References : 1212102 CVE-2023-3138 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2614-1 Released: Thu Jun 22 14:02:30 2023 Summary: Security update for libX11 Type: security Severity: important References: 1212102,CVE-2023-3138 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). The following package changes have been done: - libX11-data-1.6.5-150000.3.30.1 updated - libX11-6-1.6.5-150000.3.30.1 updated - container:bci-openjdk-17-15.5.17-8.3 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:09 +0200 (CEST) Subject: SUSE-CU-2023:2095-1: Security update of bci/openjdk Message-ID: <20230623070509.C0483F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2095-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-8.3 , bci/openjdk:latest Container Release : 8.3 Severity : important Type : security References : 1212102 CVE-2023-3138 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2614-1 Released: Thu Jun 22 14:02:30 2023 Summary: Security update for libX11 Type: security Severity: important References: 1212102,CVE-2023-3138 This update for libX11 fixes the following issues: - CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102). The following package changes have been done: - libX11-data-1.6.5-150000.3.30.1 updated - libX11-6-1.6.5-150000.3.30.1 updated - container:sles15-image-15.0.0-36.5.5 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:12 +0200 (CEST) Subject: SUSE-CU-2023:2096-1: Security update of bci/php-apache Message-ID: <20230623070512.5C7E1F3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2096-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-4.6 Container Release : 4.6 Severity : moderate Type : security References : 1212349 CVE-2023-3247 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2610-1 Released: Thu Jun 22 09:53:34 2023 Summary: Security update for php8 Type: security Severity: moderate References: 1212349,CVE-2023-3247 This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). The following package changes have been done: - php8-cli-8.0.29-150400.4.34.1 updated - php8-8.0.29-150400.4.34.1 updated - apache2-mod_php8-8.0.29-150400.4.34.1 updated - php8-openssl-8.0.29-150400.4.34.1 updated - php8-mbstring-8.0.29-150400.4.34.1 updated - php8-zlib-8.0.29-150400.4.34.1 updated - php8-zip-8.0.29-150400.4.34.1 updated - php8-curl-8.0.29-150400.4.34.1 updated - php8-phar-8.0.29-150400.4.34.1 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:14 +0200 (CEST) Subject: SUSE-CU-2023:2097-1: Security update of bci/php-fpm Message-ID: <20230623070514.DD17BF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2097-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-4.5 Container Release : 4.5 Severity : moderate Type : security References : 1212349 CVE-2023-3247 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2610-1 Released: Thu Jun 22 09:53:34 2023 Summary: Security update for php8 Type: security Severity: moderate References: 1212349,CVE-2023-3247 This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). The following package changes have been done: - php8-cli-8.0.29-150400.4.34.1 updated - php8-8.0.29-150400.4.34.1 updated - php8-fpm-8.0.29-150400.4.34.1 updated - php8-openssl-8.0.29-150400.4.34.1 updated - php8-mbstring-8.0.29-150400.4.34.1 updated - php8-zlib-8.0.29-150400.4.34.1 updated - php8-zip-8.0.29-150400.4.34.1 updated - php8-curl-8.0.29-150400.4.34.1 updated - php8-phar-8.0.29-150400.4.34.1 updated - container:sles15-image-15.0.0-36.5.5 updated From sle-updates at lists.suse.com Fri Jun 23 07:05:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 09:05:17 +0200 (CEST) Subject: SUSE-CU-2023:2098-1: Security update of bci/php Message-ID: <20230623070517.418ECF3C2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2098-1 Container Tags : bci/php:8 , bci/php:8-4.5 Container Release : 4.5 Severity : moderate Type : security References : 1212349 CVE-2023-3247 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2610-1 Released: Thu Jun 22 09:53:34 2023 Summary: Security update for php8 Type: security Severity: moderate References: 1212349,CVE-2023-3247 This update for php8 fixes the following issues: - CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349). The following package changes have been done: - php8-cli-8.0.29-150400.4.34.1 updated - php8-8.0.29-150400.4.34.1 updated - php8-openssl-8.0.29-150400.4.34.1 updated - php8-mbstring-8.0.29-150400.4.34.1 updated - php8-zlib-8.0.29-150400.4.34.1 updated - php8-curl-8.0.29-150400.4.34.1 updated - php8-zip-8.0.29-150400.4.34.1 updated - php8-phar-8.0.29-150400.4.34.1 updated - container:sles15-image-15.0.0-36.5.5 updated From sle-updates at lists.suse.com Fri Jun 23 12:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:04 -0000 Subject: SUSE-SU-2023:2624-1: moderate: Security update for openssl-1_0_0 Message-ID: <168752340425.1278.2817868246482841385@smelt2.suse.de> # Security update for openssl-1_0_0 Announcement ID: SUSE-SU-2023:2624-1 Rating: moderate References: * #1207534 Cross-References: * CVE-2022-4304 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for openssl-1_0_0 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2624=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2624=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2624=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2624=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2624=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2624=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2624=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2624=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2624=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE OpenStack Cloud 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE OpenStack Cloud Crowbar 9 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_0_0-devel-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libopenssl1_0_0-debuginfo-1.0.2p-3.78.1 * openssl-1_0_0-debugsource-1.0.2p-3.78.1 * openssl-1_0_0-debuginfo-1.0.2p-3.78.1 * libopenssl1_0_0-hmac-1.0.2p-3.78.1 * libopenssl1_0_0-1.0.2p-3.78.1 * openssl-1_0_0-1.0.2p-3.78.1 * libopenssl-1_0_0-devel-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * openssl-1_0_0-doc-1.0.2p-3.78.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_0_0-hmac-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-debuginfo-32bit-1.0.2p-3.78.1 * libopenssl1_0_0-32bit-1.0.2p-3.78.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://bugzilla.suse.com/show_bug.cgi?id=1207534 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:06 -0000 Subject: SUSE-SU-2023:2623-1: moderate: Security update for openssl-1_1 Message-ID: <168752340690.1278.793830658115623137@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2623-1 Rating: moderate References: * #1201627 * #1207534 Cross-References: * CVE-2022-4304 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * Update further expiring certificates that affect tests [bsc#1201627] ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2623=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2623=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2623=1 * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2623=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2623=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2623=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2623=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2623=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2623=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * libopenssl1_1-32bit-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * libopenssl1_1-32bit-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libopenssl-1_1-devel-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * openssl-1_1-debuginfo-1.1.1d-2.89.1 * SUSE Linux Enterprise Software Development Kit 12 SP5 (s390x x86_64) * libopenssl-1_1-devel-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openssl-1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-debugsource-1.1.1d-2.89.1 * libopenssl1_1-hmac-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-1.1.1d-2.89.1 * openssl-1_1-1.1.1d-2.89.1 * libopenssl1_1-1.1.1d-2.89.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libopenssl1_1-32bit-1.1.1d-2.89.1 * libopenssl1_1-hmac-32bit-1.1.1d-2.89.1 * libopenssl1_1-debuginfo-32bit-1.1.1d-2.89.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2622-1: moderate: Security update for openssl-1_1 Message-ID: <168752340946.1278.690950171566377259@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2622-1 Rating: moderate References: * #1201627 * #1207534 Cross-References: * CVE-2022-4304 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2622=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2622=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2622=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-1.1.0i-150100.14.56.1 * openssl-1_1-1.1.0i-150100.14.56.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.56.1 * openssl-1_1-debugsource-1.1.0i-150100.14.56.1 * libopenssl1_1-1.1.0i-150100.14.56.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.56.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.56.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-1.1.0i-150100.14.56.1 * openssl-1_1-1.1.0i-150100.14.56.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.56.1 * openssl-1_1-debugsource-1.1.0i-150100.14.56.1 * libopenssl1_1-1.1.0i-150100.14.56.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libopenssl1_1-32bit-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.56.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * openssl-1_1-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-1.1.0i-150100.14.56.1 * openssl-1_1-1.1.0i-150100.14.56.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.56.1 * openssl-1_1-debugsource-1.1.0i-150100.14.56.1 * libopenssl1_1-1.1.0i-150100.14.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libopenssl1_1-32bit-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.56.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.56.1 * SUSE CaaS Platform 4.0 (x86_64) * libopenssl-1_1-devel-32bit-1.1.0i-150100.14.56.1 * openssl-1_1-debuginfo-1.1.0i-150100.14.56.1 * libopenssl-1_1-devel-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-1.1.0i-150100.14.56.1 * openssl-1_1-1.1.0i-150100.14.56.1 * libopenssl1_1-32bit-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-debuginfo-1.1.0i-150100.14.56.1 * libopenssl1_1-hmac-32bit-1.1.0i-150100.14.56.1 * libopenssl1_1-32bit-1.1.0i-150100.14.56.1 * openssl-1_1-debugsource-1.1.0i-150100.14.56.1 * libopenssl1_1-1.1.0i-150100.14.56.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:12 -0000 Subject: SUSE-SU-2023:29171-1: important: Security update for openssl-1_1 Message-ID: <168752341251.1278.835201238049649063@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:29171-1 Rating: important References: * #1201627 * #1207534 * #1211430 Cross-References: * CVE-2022-4304 * CVE-2023-2650 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * Update further expiring certificates that affect tests (bsc#1201627) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch 29171=1 openSUSE-SLE-15.5-2023-29171=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-29171=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl1_1-hmac-1.1.1l-150500.17.6.1 * libopenssl-1_1-devel-1.1.1l-150500.17.6.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.6.1 * libopenssl1_1-1.1.1l-150500.17.6.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.6.1 * openssl-1_1-1.1.1l-150500.17.6.1 * openssl-1_1-debugsource-1.1.1l-150500.17.6.1 * openSUSE Leap 15.5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.6.1 * libopenssl-1_1-devel-32bit-1.1.1l-150500.17.6.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.6.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.6.1 * openSUSE Leap 15.5 (noarch) * openssl-1_1-doc-1.1.1l-150500.17.6.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl1_1-64bit-debuginfo-1.1.1l-150500.17.6.1 * libopenssl1_1-hmac-64bit-1.1.1l-150500.17.6.1 * libopenssl1_1-64bit-1.1.1l-150500.17.6.1 * libopenssl-1_1-devel-64bit-1.1.1l-150500.17.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-hmac-1.1.1l-150500.17.6.1 * libopenssl-1_1-devel-1.1.1l-150500.17.6.1 * openssl-1_1-debuginfo-1.1.1l-150500.17.6.1 * libopenssl1_1-1.1.1l-150500.17.6.1 * libopenssl1_1-debuginfo-1.1.1l-150500.17.6.1 * openssl-1_1-1.1.1l-150500.17.6.1 * openssl-1_1-debugsource-1.1.1l-150500.17.6.1 * Basesystem Module 15-SP5 (x86_64) * libopenssl1_1-32bit-1.1.1l-150500.17.6.1 * libopenssl1_1-hmac-32bit-1.1.1l-150500.17.6.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150500.17.6.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:14 -0000 Subject: SUSE-SU-2023:2621-1: moderate: Security update for openvswitch Message-ID: <168752341460.1278.8475289501301375402@smelt2.suse.de> # Security update for openvswitch Announcement ID: SUSE-SU-2023:2621-1 Rating: moderate References: * #1210054 Cross-References: * CVE-2023-1668 CVSS scores: * CVE-2023-1668 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-1668 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for openvswitch fixes the following issues: * CVE-2023-1668: Fixed remote traffic denial-of-service via crafted packets with IP proto 0 (bsc#1210054). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2621=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2621=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2621=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * openvswitch-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-2.11.5-3.18.2 * openvswitch-debugsource-2.11.5-3.18.2 * openvswitch-2.11.5-3.18.2 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * openvswitch-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-2.11.5-3.18.2 * openvswitch-debugsource-2.11.5-3.18.2 * openvswitch-2.11.5-3.18.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * openvswitch-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-debuginfo-2.11.5-3.18.2 * libopenvswitch-2_11-0-2.11.5-3.18.2 * openvswitch-debugsource-2.11.5-3.18.2 * openvswitch-2.11.5-3.18.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1668.html * https://bugzilla.suse.com/show_bug.cgi?id=1210054 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:17 -0000 Subject: SUSE-SU-2023:2620-1: moderate: Security update for openssl-3 Message-ID: <168752341711.1278.3793036018051933795@smelt2.suse.de> # Security update for openssl-3 Announcement ID: SUSE-SU-2023:2620-1 Rating: moderate References: * #1210714 * #1211430 Cross-References: * CVE-2023-1255 * CVE-2023-2650 CVSS scores: * CVE-2023-1255 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1255 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2650 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2650 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves two vulnerabilities can now be installed. ## Description: This update for openssl-3 fixes the following issues: * CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714). * CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2620=1 openSUSE-SLE-15.5-2023-2620=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2620=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libopenssl3-debuginfo-3.0.8-150500.5.3.1 * openssl-3-debugsource-3.0.8-150500.5.3.1 * openssl-3-3.0.8-150500.5.3.1 * openssl-3-debuginfo-3.0.8-150500.5.3.1 * libopenssl3-3.0.8-150500.5.3.1 * libopenssl-3-devel-3.0.8-150500.5.3.1 * openSUSE Leap 15.5 (x86_64) * libopenssl3-32bit-3.0.8-150500.5.3.1 * libopenssl3-32bit-debuginfo-3.0.8-150500.5.3.1 * libopenssl-3-devel-32bit-3.0.8-150500.5.3.1 * openSUSE Leap 15.5 (noarch) * openssl-3-doc-3.0.8-150500.5.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libopenssl3-64bit-debuginfo-3.0.8-150500.5.3.1 * libopenssl-3-devel-64bit-3.0.8-150500.5.3.1 * libopenssl3-64bit-3.0.8-150500.5.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libopenssl3-debuginfo-3.0.8-150500.5.3.1 * openssl-3-debugsource-3.0.8-150500.5.3.1 * openssl-3-3.0.8-150500.5.3.1 * openssl-3-debuginfo-3.0.8-150500.5.3.1 * libopenssl3-3.0.8-150500.5.3.1 * libopenssl-3-devel-3.0.8-150500.5.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1255.html * https://www.suse.com/security/cve/CVE-2023-2650.html * https://bugzilla.suse.com/show_bug.cgi?id=1210714 * https://bugzilla.suse.com/show_bug.cgi?id=1211430 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:19 -0000 Subject: SUSE-SU-2023:2619-1: moderate: Security update for python-sqlparse Message-ID: <168752341935.1278.5281102662603428913@smelt2.suse.de> # Security update for python-sqlparse Announcement ID: SUSE-SU-2023:2619-1 Rating: moderate References: * #1210617 Cross-References: * CVE-2023-30608 CVSS scores: * CVE-2023-30608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-30608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ## Description: This update for python-sqlparse fixes the following issues: * CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2619=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2619=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2619=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2619=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2619=1 ## Package List: * openSUSE Leap 15.4 (noarch) * python3-sqlparse-0.4.2-150300.3.6.1 * openSUSE Leap 15.5 (noarch) * python3-sqlparse-0.4.2-150300.3.6.1 * Basesystem Module 15-SP4 (noarch) * python3-sqlparse-0.4.2-150300.3.6.1 * Basesystem Module 15-SP5 (noarch) * python3-sqlparse-0.4.2-150300.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * python3-sqlparse-0.4.2-150300.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30608.html * https://bugzilla.suse.com/show_bug.cgi?id=1210617 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:21 -0000 Subject: SUSE-SU-2023:2618-1: moderate: Security update for dav1d Message-ID: <168752342143.1278.15236701227688196879@smelt2.suse.de> # Security update for dav1d Announcement ID: SUSE-SU-2023:2618-1 Rating: moderate References: * #1211262 Cross-References: * CVE-2023-32570 CVSS scores: * CVE-2023-32570 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2023-32570 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Desktop Applications Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that solves one vulnerability can now be installed. ## Description: This update for dav1d fixes the following issues: * CVE-2023-32570: Fixed possible crash when decoding a frame (bsc#1211262). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2618=1 openSUSE-SLE-15.5-2023-2618=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2618=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2618=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dav1d-debuginfo-1.0.0-150500.3.3.1 * libdav1d6-debuginfo-1.0.0-150500.3.3.1 * dav1d-debugsource-1.0.0-150500.3.3.1 * libdav1d6-1.0.0-150500.3.3.1 * dav1d-1.0.0-150500.3.3.1 * dav1d-devel-1.0.0-150500.3.3.1 * openSUSE Leap 15.5 (x86_64) * libdav1d6-32bit-1.0.0-150500.3.3.1 * libdav1d6-32bit-debuginfo-1.0.0-150500.3.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libdav1d6-64bit-debuginfo-1.0.0-150500.3.3.1 * libdav1d6-64bit-1.0.0-150500.3.3.1 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dav1d-debuginfo-1.0.0-150500.3.3.1 * libdav1d6-debuginfo-1.0.0-150500.3.3.1 * dav1d-debugsource-1.0.0-150500.3.3.1 * libdav1d6-1.0.0-150500.3.3.1 * dav1d-devel-1.0.0-150500.3.3.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * dav1d-debuginfo-1.0.0-150500.3.3.1 * dav1d-debugsource-1.0.0-150500.3.3.1 * dav1d-1.0.0-150500.3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-32570.html * https://bugzilla.suse.com/show_bug.cgi?id=1211262 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:24 -0000 Subject: SUSE-SU-2023:2242-2: important: Security update for java-1_8_0-openjdk Message-ID: <168752342497.1278.9477570084919101701@smelt2.suse.de> # Security update for java-1_8_0-openjdk Announcement ID: SUSE-SU-2023:2242-2 Rating: important References: * #1210628 * #1210631 * #1210632 * #1210634 * #1210635 * #1210636 * #1210637 Cross-References: * CVE-2023-21930 * CVE-2023-21937 * CVE-2023-21938 * CVE-2023-21939 * CVE-2023-21954 * CVE-2023-21967 * CVE-2023-21968 CVSS scores: * CVE-2023-21930 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21930 ( NVD ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2023-21937 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21937 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21938 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21939 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21954 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21954 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-21967 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21967 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-21968 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-21968 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Legacy Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves seven vulnerabilities can now be installed. ## Description: This update for java-1_8_0-openjdk fixes the following issues: * Updated to version jdk8u372 (icedtea-3.27.0): * CVE-2023-21930: Fixed an issue in the JSSE component that could allow an attacker to access critical data without authorization (bsc#1210628). * CVE-2023-21937: Fixed an issue in the Networking component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210631). * CVE-2023-21938: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210632). * CVE-2023-21939: Fixed an issue in the Swing component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210634). * CVE-2023-21954: Fixed an issue in the Hotspot component that could allow an attacker to access critical data without authorization (bsc#1210635). * CVE-2023-21967: Fixed an issue in the JSSE component that could allow an attacker to cause a hang or frequently repeatable crash without authorization (bsc#1210636). * CVE-2023-21968: Fixed an issue in the Libraries component that could allow an attacker to update, insert or delete some data without authorization (bsc#1210637). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2242=1 * Legacy Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP5-2023-2242=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-accessibility-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-src-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 * openSUSE Leap 15.5 (noarch) * java-1_8_0-openjdk-javadoc-1.8.0.372-150000.3.79.1 * Legacy Module 15-SP5 (aarch64 ppc64le s390x x86_64) * java-1_8_0-openjdk-devel-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-devel-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-headless-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debugsource-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-debuginfo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-1.8.0.372-150000.3.79.1 * java-1_8_0-openjdk-demo-debuginfo-1.8.0.372-150000.3.79.1 ## References: * https://www.suse.com/security/cve/CVE-2023-21930.html * https://www.suse.com/security/cve/CVE-2023-21937.html * https://www.suse.com/security/cve/CVE-2023-21938.html * https://www.suse.com/security/cve/CVE-2023-21939.html * https://www.suse.com/security/cve/CVE-2023-21954.html * https://www.suse.com/security/cve/CVE-2023-21967.html * https://www.suse.com/security/cve/CVE-2023-21968.html * https://bugzilla.suse.com/show_bug.cgi?id=1210628 * https://bugzilla.suse.com/show_bug.cgi?id=1210631 * https://bugzilla.suse.com/show_bug.cgi?id=1210632 * https://bugzilla.suse.com/show_bug.cgi?id=1210634 * https://bugzilla.suse.com/show_bug.cgi?id=1210635 * https://bugzilla.suse.com/show_bug.cgi?id=1210636 * https://bugzilla.suse.com/show_bug.cgi?id=1210637 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 12:30:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 12:30:27 -0000 Subject: SUSE-SU-2023:2617-1: important: Security update for google-cloud-sap-agent Message-ID: <168752342717.1278.16951714874674152443@smelt2.suse.de> # Security update for google-cloud-sap-agent Announcement ID: SUSE-SU-2023:2617-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of google-cloud-sap-agent fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2617=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2617=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2617=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2617=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2617=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2617=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-150100.3.9.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 16:30:05 -0000 Subject: SUSE-RU-2023:2625-1: moderate: Recommended update for gcc12 Message-ID: <168753780543.25377.11298901340369199707@smelt2.suse.de> # Recommended update for gcc12 Announcement ID: SUSE-RU-2023:2625-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that can now be installed. ## Description: This update for gcc12 fixes the following issues: * Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes * Speed up builds with --enable-link-serialization. * Update embedded newlib to version 4.2.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2625=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2625=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2625=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2625=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2625=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2625=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2625=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2625=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2625=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2625=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2625=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2625=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2625=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2625=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2625=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2625=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2625=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2625=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2625=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2625=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2625=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2625=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2625=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2625=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2625=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2625=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2625=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2625=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2625=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2625=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2625=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2625=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2625=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2625=1 * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2625=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-2625=1 * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-2625=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP4 (aarch64 x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP4 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Desktop 15 SP4 (x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Manager Proxy 4.3 (x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP4 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP4 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP5 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP5 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * Basesystem Module 15-SP5 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP4 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP4 (x86_64) * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-testresults-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP5 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * Development Tools Module 15-SP5 (x86_64) * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * Legacy Module 15-SP4 (s390x) * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * gcc12-ada-debuginfo-12.3.0+git1204-150000.1.10.1 * libgo21-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libgo21-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-objc-12.3.0+git1204-150000.1.10.1 * libada12-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-12.3.0+git1204-150000.1.10.1 * gcc12-ada-12.3.0+git1204-150000.1.10.1 * gcc12-objc-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Package Hub 15 15-SP4 (aarch64 s390x x86_64) * libgphobos3-debuginfo-12.3.0+git1204-150000.1.10.1 * libgdruntime3-12.3.0+git1204-150000.1.10.1 * gcc12-d-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-d-12.3.0+git1204-150000.1.10.1 * libgphobos3-12.3.0+git1204-150000.1.10.1 * libgdruntime3-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Package Hub 15 15-SP4 (x86_64) * gcc12-obj-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-objc-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-d-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-ada-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-32bit-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * gcc12-ada-debuginfo-12.3.0+git1204-150000.1.10.1 * libgo21-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libgo21-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-12.3.0+git1204-150000.1.10.1 * gcc12-ada-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-testresults-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (s390x x86_64) * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Manager Proxy 4.2 (x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Manager Server 4.2 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * SUSE Manager Server 4.2 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7.1 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7.1 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7.1 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Enterprise Storage 7 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE CaaS Platform 4.0 (x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * SUSE CaaS Platform 4.0 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libgcc_s1-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-objc-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-ada-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-objc-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * libgo21-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-testresults-12.3.0+git1204-150000.1.10.1 * libgo21-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libada12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-ada-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * gcc12-go-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-d-32bit-12.3.0+git1204-150000.1.10.1 * libada12-32bit-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-32bit-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libada12-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-objc-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-ada-32bit-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (aarch64 s390x x86_64) * libgphobos3-debuginfo-12.3.0+git1204-150000.1.10.1 * libgdruntime3-12.3.0+git1204-150000.1.10.1 * gcc12-d-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-d-12.3.0+git1204-150000.1.10.1 * libgphobos3-12.3.0+git1204-150000.1.10.1 * libgdruntime3-debuginfo-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (s390x x86_64) * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.4 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * gcc12-fortran-12.3.0+git1204-150000.1.10.1 * libstdc++6-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-objc-12.3.0+git1204-150000.1.10.1 * cross-ppc64-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-locale-12.3.0+git1204-150000.1.10.1 * libatomic1-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-ada-12.3.0+git1204-150000.1.10.1 * libobjc4-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * libgo21-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-12.3.0+git1204-150000.1.10.1 * cross-sparc-gcc12-12.3.0+git1204-150000.1.10.1 * cross-mips-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * cross-ppc64-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cpp12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-sparc64-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libada12-12.3.0+git1204-150000.1.10.1 * libasan8-debuginfo-12.3.0+git1204-150000.1.10.1 * liblsan0-12.3.0+git1204-150000.1.10.1 * libubsan1-12.3.0+git1204-150000.1.10.1 * cross-sparcv9-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * gcc12-PIE-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-12.3.0+git1204-150000.1.10.1 * cross-riscv64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * cross-sparc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * libgcc_s1-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-rx-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-ppc64-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-sparc64-gcc12-12.3.0+git1204-150000.1.10.1 * cross-riscv64-elf-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * cross-riscv64-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-avr-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-ppc64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * gcc12-c++-12.3.0+git1204-150000.1.10.1 * libada12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-arm-none-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-c++-debuginfo-12.3.0+git1204-150000.1.10.1 * cpp12-12.3.0+git1204-150000.1.10.1 * libgcc_s1-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-arm-gcc12-12.3.0+git1204-150000.1.10.1 * libasan8-12.3.0+git1204-150000.1.10.1 * libtsan2-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-m68k-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * libgomp1-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-arm-none-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-epiphany-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * libgomp1-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-12.3.0+git1204-150000.1.10.1 * libstdc++6-12.3.0+git1204-150000.1.10.1 * gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-sparc-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-avr-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * cross-sparc-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * gcc12-objc-debuginfo-12.3.0+git1204-150000.1.10.1 * libobjc4-12.3.0+git1204-150000.1.10.1 * cross-epiphany-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * libtsan2-12.3.0+git1204-150000.1.10.1 * gcc12-12.3.0+git1204-150000.1.10.1 * cross-arm-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-arm-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * cross-rx-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * cross-mips-gcc12-12.3.0+git1204-150000.1.10.1 * cross-riscv64-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * cross-sparc64-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-arm-none-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * libatomic1-12.3.0+git1204-150000.1.10.1 * cross-mips-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-avr-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * cross-epiphany-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-m68k-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libgfortran5-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-riscv64-elf-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * cross-m68k-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-testresults-12.3.0+git1204-150000.1.10.1 * libgo21-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-arm-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libubsan1-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-m68k-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-ada-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-mips-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-riscv64-elf-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * liblsan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-devel-gcc12-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * libitm1-12.3.0+git1204-150000.1.10.1 * cross-rx-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * cross-hppa-gcc12-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-12.3.0+git1204-150000.1.10.1 * libitm1-debuginfo-12.3.0+git1204-150000.1.10.1 * libstdc++6-locale-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (ppc64le s390x x86_64) * cross-aarch64-gcc12-bootstrap-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-aarch64-gcc12-bootstrap-12.3.0+git1204-150000.1.10.1 * cross-aarch64-gcc12-bootstrap-debugsource-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (x86_64) * cross-nvptx-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-12.3.0+git1204-150000.1.10.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-nvptx-newlib12-devel-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (aarch64 s390x x86_64) * cross-ppc64le-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * libgphobos3-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-ppc64le-gcc12-12.3.0+git1204-150000.1.10.1 * libgdruntime3-12.3.0+git1204-150000.1.10.1 * gcc12-d-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-d-12.3.0+git1204-150000.1.10.1 * libgphobos3-12.3.0+git1204-150000.1.10.1 * cross-ppc64le-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * libgdruntime3-debuginfo-12.3.0+git1204-150000.1.10.1 * cross-ppc64le-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le x86_64) * cross-s390x-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-s390x-gcc12-12.3.0+git1204-150000.1.10.1 * cross-s390x-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * cross-s390x-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (s390x x86_64) * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-pp-32bit-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-d-32bit-12.3.0+git1204-150000.1.10.1 * libada12-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-12.3.0+git1204-150000.1.10.1 * libgphobos3-32bit-12.3.0+git1204-150000.1.10.1 * libstdc++6-32bit-12.3.0+git1204-150000.1.10.1 * libgo21-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-obj-c++-32bit-12.3.0+git1204-150000.1.10.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-fortran-32bit-12.3.0+git1204-150000.1.10.1 * libasan8-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-32bit-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libada12-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-go-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libitm1-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-c++-32bit-12.3.0+git1204-150000.1.10.1 * libgomp1-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-12.3.0+git1204-150000.1.10.1 * gcc12-objc-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-12.3.0+git1204-150000.1.10.1 * libgdruntime3-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * gcc12-ada-32bit-12.3.0+git1204-150000.1.10.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-150000.1.10.1 * libgfortran5-32bit-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (noarch) * gcc12-info-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-150000.1.10.1 * libquadmath0-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x) * cross-x86_64-gcc12-icecream-backend-12.3.0+git1204-150000.1.10.1 * cross-x86_64-gcc12-debugsource-12.3.0+git1204-150000.1.10.1 * cross-x86_64-gcc12-12.3.0+git1204-150000.1.10.1 * cross-x86_64-gcc12-debuginfo-12.3.0+git1204-150000.1.10.1 * openSUSE Leap 15.5 (aarch64) * libhwasan0-debuginfo-12.3.0+git1204-150000.1.10.1 * libhwasan0-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libstdc++6-12.3.0+git1204-150000.1.10.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 16:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 16:30:07 -0000 Subject: SUSE-SU-2023:2297-2: important: Security update for golang-github-vpenso-prometheus_slurm_exporter Message-ID: <168753780768.25377.6376555129489096501@smelt2.suse.de> # Security update for golang-github-vpenso-prometheus_slurm_exporter Announcement ID: SUSE-SU-2023:2297-2 Rating: important References: * #1200441 * #1209658 Affected Products: * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has two fixes can now be installed. ## Description: This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues: * rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2297=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2297=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 * SUSE Package Hub 15 15-SP5 (ppc64le s390x) * golang-github-vpenso-prometheus_slurm_exporter-0.19-150300.3.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1200441 * https://bugzilla.suse.com/show_bug.cgi?id=1209658 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 16:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 16:30:09 -0000 Subject: SUSE-RU-2023:1720-2: low: Recommended update for sle-module-containers-release Message-ID: <168753780951.25377.1612787133616834266@smelt2.suse.de> # Recommended update for sle-module-containers-release Announcement ID: SUSE-RU-2023:1720-2 Rating: low References: * #1207980 Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 An update that has one recommended fix can now be installed. ## Description: This update for sle-module-containers-release provides the following fix: * Adjust the EOL date for the product. (bsc#1207980) ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1720=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1720=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * sle-module-containers-release-15.1-150100.73.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * sle-module-containers-release-15.1-150100.73.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207980 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 16:30:13 -0000 Subject: SUSE-RU-2023:2240-2: moderate: Recommended update for systemd Message-ID: <168753781351.25377.4334145769388066772@smelt2.suse.de> # Recommended update for systemd Announcement ID: SUSE-RU-2023:2240-2 Rating: moderate References: * #1203141 * #1207410 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Package Hub 15 15-SP5 An update that has two recommended fixes can now be installed. ## Description: This update for systemd fixes the following issues: * udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410) * Optimize when hundred workers claim the same symlink with the same priority (bsc#1203141) * Add nss-resolve and systemd-network to Packagehub-Subpackages (MSC-626) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2240=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2240=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2240=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nss-myhostname-249.16-150400.8.28.3 * systemd-doc-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-experimental-debuginfo-249.16-150400.8.28.3 * systemd-portable-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * systemd-experimental-249.16-150400.8.28.3 * systemd-testsuite-249.16-150400.8.28.3 * systemd-container-249.16-150400.8.28.3 * systemd-portable-debuginfo-249.16-150400.8.28.3 * systemd-testsuite-debuginfo-249.16-150400.8.28.3 * systemd-devel-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-journal-remote-249.16-150400.8.28.3 * systemd-network-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * systemd-network-debuginfo-249.16-150400.8.28.3 * systemd-coredump-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * systemd-coredump-249.16-150400.8.28.3 * nss-myhostname-debuginfo-249.16-150400.8.28.3 * systemd-journal-remote-debuginfo-249.16-150400.8.28.3 * nss-systemd-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * nss-systemd-debuginfo-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * openSUSE Leap 15.5 (x86_64) * libsystemd0-32bit-249.16-150400.8.28.3 * libsystemd0-32bit-debuginfo-249.16-150400.8.28.3 * nss-myhostname-32bit-debuginfo-249.16-150400.8.28.3 * systemd-32bit-249.16-150400.8.28.3 * libudev1-32bit-debuginfo-249.16-150400.8.28.3 * nss-myhostname-32bit-249.16-150400.8.28.3 * libudev1-32bit-249.16-150400.8.28.3 * systemd-32bit-debuginfo-249.16-150400.8.28.3 * openSUSE Leap 15.5 (noarch) * systemd-lang-249.16-150400.8.28.3 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libudev1-debuginfo-249.16-150400.8.28.3 * systemd-debuginfo-249.16-150400.8.28.3 * systemd-coredump-debuginfo-249.16-150400.8.28.3 * systemd-sysvinit-249.16-150400.8.28.3 * systemd-container-249.16-150400.8.28.3 * systemd-coredump-249.16-150400.8.28.3 * libsystemd0-debuginfo-249.16-150400.8.28.3 * systemd-devel-249.16-150400.8.28.3 * systemd-249.16-150400.8.28.3 * systemd-doc-249.16-150400.8.28.3 * systemd-container-debuginfo-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 * udev-debuginfo-249.16-150400.8.28.3 * libsystemd0-249.16-150400.8.28.3 * libudev1-249.16-150400.8.28.3 * udev-249.16-150400.8.28.3 * Basesystem Module 15-SP5 (noarch) * systemd-lang-249.16-150400.8.28.3 * Basesystem Module 15-SP5 (x86_64) * libsystemd0-32bit-249.16-150400.8.28.3 * libsystemd0-32bit-debuginfo-249.16-150400.8.28.3 * systemd-32bit-249.16-150400.8.28.3 * libudev1-32bit-debuginfo-249.16-150400.8.28.3 * libudev1-32bit-249.16-150400.8.28.3 * systemd-32bit-debuginfo-249.16-150400.8.28.3 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * systemd-debuginfo-249.16-150400.8.28.3 * systemd-network-debuginfo-249.16-150400.8.28.3 * systemd-network-249.16-150400.8.28.3 * systemd-debugsource-249.16-150400.8.28.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1203141 * https://bugzilla.suse.com/show_bug.cgi?id=1207410 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 20:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 20:30:04 -0000 Subject: SUSE-SU-2023:2628-1: important: Security update for cloud-init Message-ID: <168755220452.14826.905230012449011231@smelt2.suse.de> # Security update for cloud-init Announcement ID: SUSE-SU-2023:2628-1 Rating: important References: * #1171511 * #1203393 * #1210277 * #1210652 Cross-References: * CVE-2022-2084 * CVE-2023-1786 CVSS scores: * CVE-2022-2084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-1786 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has two fixes can now be installed. ## Description: This update for cloud-init fixes the following issues: * CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) * CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) * Update to version 23.1 * Support transactional-updates for SUSE based distros * Set ownership for new folders in Write Files Module * add OpenCloudOS and TencentOS support * lxd: Retry if the server isn't ready * test: switch pycloudlib source to pypi * test: Fix integration test deprecation message * Recognize opensuse-microos, dev tooling fixes * sources/azure: refactor imds handler into own module * docs: deprecation generation support * add function is_virtual to distro/FreeBSD * cc_ssh: support multiple hostcertificates * Fix minor schema validation regression and fixup typing * doc: Reword user data debug section * cli: schema also validate vendordata*. * ci: sort and add checks for cla signers file * Add "ederst" as contributor * readme: add reference to packages dir * docs: update downstream package list * docs: add google search verification * docs: fix 404 render use default notfound_urls_prefix in RTD conf * Fix OpenStack datasource detection on bare metal * docs: add themed RTD 404 page and pointer to readthedocs-hosted * schema: fix gpt labels, use type string for GUID * cc_disk_setup: code cleanup * netplan: keep custom strict perms when 50-cloud-init.yaml exists * cloud-id: better handling of change in datasource files * Warn on empty network key * Fix Vultr cloud_interfaces usage * cc_puppet: Update puppet service name * docs: Clarify networking docs * lint: remove httpretty * cc_set_passwords: Prevent traceback when restarting ssh * tests: fix lp1912844 * tests: Skip ansible test on bionic * Wait for NetworkManager * docs: minor polishing * CI: migrate integration-test to GH actions * Fix permission of SSH host keys * Fix default route rendering on v2 ipv6 * doc: fix path in net_convert command * docs: update net_convert docs * doc: fix dead link * cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty * distros/rhel.py: _read_hostname() missing strip on "hostname" * integration tests: add IBM VPC support * machine-id: set to uninitialized to trigger regeneration on clones * sources/azure: retry on connection error when fetching metdata * Ensure ssh state accurately obtained * bddeb: drop dh-systemd dependency on newer deb-based releases * doc: fix `config formats` link in cloudsigma.rst * Fix wrong subp syntax in cc_set_passwords.py * docs: update the PR template link to readthedocs * ci: switch unittests to gh actions * Add mount_default_fields for PhotonOS. * sources/azure: minor refactor for metadata source detection logic * add "CalvoM" as contributor * ci: doc to gh actions * lxd: handle 404 from missing devices route for LXD 4.0 * docs: Diataxis overhaul * vultr: Fix issue regarding cache and region codes * cc_set_passwords: Move ssh status checking later * Improve Wireguard module idempotency * network/netplan: add gateways as on-link when necessary * tests: test_lxd assert features.networks.zones when present * Use btrfs enquque when available (#1926) [Robert Schweikert] * sources/azure: fix device driver matching for net config (#1914) * BSD: fix duplicate macs in Ifconfig parser * pycloudlib: add lunar support for integration tests * nocloud: add support for dmi variable expansion for seedfrom URL * tools: read-version drop extra call to git describe --long * doc: improve cc_write_files doc * read-version: When insufficient tags, use cloudinit.version.get_version * mounts: document weird prefix in schema * Ensure network ready before cloud-init service runs on RHEL * docs: add copy button to code blocks * netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag * azure: fix support for systems without az command installed * Fix the distro.osfamily output problem in the openEuler system. * pycloudlib: bump commit dropping azure api smoke test * net: netplan config root read-only as wifi config can contain creds * autoinstall: clarify docs for users * sources/azure: encode health report as utf-8 * Add back gateway4/6 deprecation to docs * networkd: Add support for multiple [Route] sections * doc: add qemu tutorial * lint: fix tip-flake8 and tip-mypy * Add support for setting uid when creating users on FreeBSD * Fix exception in BSD networking code-path * Append derivatives to is_rhel list in cloud.cfg.tmpl * FreeBSD init: use cloudinit_enable as only rcvar * feat: add support aliyun metadata security harden mode * docs: uprate analyze to performance page * test: fix lxd preseed managed network config * Add support for static IPv6 addresses for FreeBSD * Make 3.12 failures not fail the build * Docs: adding relative links * Fix setup.py to align with PEP 440 versioning replacing trailing * Add "nkukard" as contributor * doc: add how to render new module doc * doc: improve module creation explanation * Add Support for IPv6 metadata to OpenStack * add xiaoge1001 to .github-cla-signers * network: Deprecate gateway{4,6} keys in network config v2 * VMware: Move Guest Customization transport from OVF to VMware * doc: home page links added * net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: * update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2628=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2628=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2628=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2628=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2628=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2628=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2628=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cloud-init-doc-23.1-150100.8.63.5 * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cloud-init-doc-23.1-150100.8.63.5 * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cloud-init-23.1-150100.8.63.5 * cloud-init-config-suse-23.1-150100.8.63.5 ## References: * https://www.suse.com/security/cve/CVE-2022-2084.html * https://www.suse.com/security/cve/CVE-2023-1786.html * https://bugzilla.suse.com/show_bug.cgi?id=1171511 * https://bugzilla.suse.com/show_bug.cgi?id=1203393 * https://bugzilla.suse.com/show_bug.cgi?id=1210277 * https://bugzilla.suse.com/show_bug.cgi?id=1210652 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 20:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 20:30:06 -0000 Subject: SUSE-RU-2023:2627-1: moderate: Recommended update for google-cloud-sap-agent Message-ID: <168755220646.14826.17774967054820239705@smelt2.suse.de> # Recommended update for google-cloud-sap-agent Announcement ID: SUSE-RU-2023:2627-1 Rating: moderate References: * #1210465 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for google-cloud-sap-agent fixes the following issues: * Update to version 1.5.1 (bsc#1210465) * No upstream changelog provided * Raise golang API version to 1.20 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2627=1 ## Package List: * Public Cloud Module 12 (aarch64 ppc64le s390x x86_64) * google-cloud-sap-agent-1.5.1-6.8.3 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1210465 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 23 20:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 23 Jun 2023 20:30:07 -0000 Subject: SUSE-RU-2023:2626-1: moderate: Recommended update for picocli Message-ID: <168755220793.14826.7997550542847481756@smelt2.suse.de> # Recommended update for picocli Announcement ID: SUSE-RU-2023:2626-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 An update that can now be installed. ## Description: This update for picocli fixes the following issues: * Update to version 4.7.4 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2626=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2626=1 ## Package List: * openSUSE Leap 15.4 (noarch) * picocli-4.7.4-150200.3.11.1 * picocli-javadoc-4.7.4-150200.3.11.1 * openSUSE Leap 15.5 (noarch) * picocli-4.7.4-150200.3.11.1 * picocli-javadoc-4.7.4-150200.3.11.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Sat Jun 24 07:03:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Jun 2023 09:03:26 +0200 (CEST) Subject: SUSE-CU-2023:2101-1: Recommended update of bci/bci-micro Message-ID: <20230624070326.3726CF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2101-1 Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.21.2 Container Release : 21.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated From sle-updates at lists.suse.com Sat Jun 24 07:03:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Jun 2023 09:03:41 +0200 (CEST) Subject: SUSE-CU-2023:2102-1: Recommended update of bci/bci-minimal Message-ID: <20230624070341.73A40F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2102-1 Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.21.5 Container Release : 21.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:micro-image-15.4.0-21.2 updated From sle-updates at lists.suse.com Sat Jun 24 07:04:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 24 Jun 2023 09:04:16 +0200 (CEST) Subject: SUSE-CU-2023:2103-1: Recommended update of suse/sle15 Message-ID: <20230624070416.28247F3C3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2103-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.71 , suse/sle15:15.4 , suse/sle15:15.4.27.14.71 Container Release : 27.14.71 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:04:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:04:36 +0200 (CEST) Subject: SUSE-CU-2023:2105-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20230625070436.69837F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2105-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.156 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.156 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-27.14.71 updated From sle-updates at lists.suse.com Sun Jun 25 07:05:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:05:07 +0200 (CEST) Subject: SUSE-CU-2023:2106-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20230625070507.25A49F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2106-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.53 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.53 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-27.14.71 updated From sle-updates at lists.suse.com Sun Jun 25 07:08:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:08:23 +0200 (CEST) Subject: SUSE-CU-2023:2107-1: Security update of suse/sles12sp4 Message-ID: <20230625070823.53B1BF3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2107-1 Container Tags : suse/sles12sp4:26.617 , suse/sles12sp4:latest Container Release : 26.617 Severity : moderate Type : security References : 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2624-1 Released: Fri Jun 23 13:43:30 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1207534,CVE-2022-4304 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). The following package changes have been done: - base-container-licenses-3.0-1.356 updated - container-suseconnect-2.0.0-1.238 updated - libopenssl1_0_0-1.0.2p-3.78.1 updated - openssl-1_0_0-1.0.2p-3.78.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:10:57 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:10:57 +0200 (CEST) Subject: SUSE-CU-2023:2108-1: Security update of suse/sles12sp5 Message-ID: <20230625071057.E1027F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2108-1 Container Tags : suse/sles12sp5:6.5.481 , suse/sles12sp5:latest Container Release : 6.5.481 Severity : moderate Type : security References : 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2624-1 Released: Fri Jun 23 13:43:30 2023 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1207534,CVE-2022-4304 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). The following package changes have been done: - libopenssl1_0_0-1.0.2p-3.78.1 updated - openssl-1_0_0-1.0.2p-3.78.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:14:31 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:14:31 +0200 (CEST) Subject: SUSE-CU-2023:2109-1: Security update of suse/sle15 Message-ID: <20230625071431.DF311F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2109-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.782 Container Release : 6.2.782 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2622-1 Released: Fri Jun 23 13:42:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests [bsc#1201627] * Add openssl-Update-further-expiring-certificates.patch ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.0i-150100.14.56.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - openssl-1_1-1.1.0i-150100.14.56.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:17:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:17:08 +0200 (CEST) Subject: SUSE-CU-2023:2110-1: Recommended update of suse/sle15 Message-ID: <20230625071708.98608F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2110-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.308 Container Release : 9.5.308 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:19:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:19:18 +0200 (CEST) Subject: SUSE-CU-2023:2111-1: Recommended update of suse/sle15 Message-ID: <20230625071918.69BE1F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2111-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.150 , suse/sle15:15.3 , suse/sle15:15.3.17.20.150 Container Release : 17.20.150 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:20:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:20:29 +0200 (CEST) Subject: SUSE-CU-2023:2112-1: Recommended update of bci/bci-init Message-ID: <20230625072029.E2955F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2112-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.28.3 Container Release : 28.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-27.14.71 updated From sle-updates at lists.suse.com Sun Jun 25 07:21:59 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:21:59 +0200 (CEST) Subject: SUSE-CU-2023:2113-1: Recommended update of suse/pcp Message-ID: <20230625072159.67E29F3C4@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2113-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.8 , suse/pcp:5.2 , suse/pcp:5.2-17.8 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.8 Container Release : 17.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:bci-bci-init-15.4-15.4-28.3 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:05 +0200 (CEST) Subject: SUSE-CU-2023:2114-1: Security update of bci/dotnet-aspnet Message-ID: <20230625072205.17119F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2114-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-8.7 , bci/dotnet-aspnet:6.0.18 , bci/dotnet-aspnet:6.0.18-8.7 Container Release : 8.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:08 +0200 (CEST) Subject: SUSE-CU-2023:2115-1: Security update of bci/dotnet-aspnet Message-ID: <20230625072208.E2EBEF3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2115-1 Container Tags : bci/dotnet-aspnet:7.0 , bci/dotnet-aspnet:7.0-8.5 , bci/dotnet-aspnet:7.0.7 , bci/dotnet-aspnet:7.0.7-8.5 , bci/dotnet-aspnet:latest Container Release : 8.5 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:12 +0200 (CEST) Subject: SUSE-CU-2023:2116-1: Security update of bci/dotnet-sdk Message-ID: <20230625072212.99900F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2116-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-7.7 , bci/dotnet-sdk:6.0.18 , bci/dotnet-sdk:6.0.18-7.7 Container Release : 7.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:16 +0200 (CEST) Subject: SUSE-CU-2023:2117-1: Security update of bci/dotnet-sdk Message-ID: <20230625072216.54AFAF3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2117-1 Container Tags : bci/dotnet-sdk:7.0 , bci/dotnet-sdk:7.0-9.5 , bci/dotnet-sdk:7.0.7 , bci/dotnet-sdk:7.0.7-9.5 , bci/dotnet-sdk:latest Container Release : 9.5 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:20 +0200 (CEST) Subject: SUSE-CU-2023:2118-1: Security update of bci/dotnet-runtime Message-ID: <20230625072220.3609BF3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2118-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-7.7 , bci/dotnet-runtime:6.0.18 , bci/dotnet-runtime:6.0.18-7.7 Container Release : 7.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:23 +0200 (CEST) Subject: SUSE-CU-2023:2119-1: Security update of bci/dotnet-runtime Message-ID: <20230625072223.D744EF3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2119-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-9.5 , bci/dotnet-runtime:7.0.7 , bci/dotnet-runtime:7.0.7-9.5 , bci/dotnet-runtime:latest Container Release : 9.5 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:26 +0200 (CEST) Subject: SUSE-CU-2023:2120-1: Security update of bci/golang Message-ID: <20230625072226.A30A6F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2120-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-2.4.3 , bci/golang:oldstable , bci/golang:oldstable-2.4.3 Container Release : 4.3 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - libatomic1-12.3.0+git1204-150000.1.10.1 updated - libgomp1-12.3.0+git1204-150000.1.10.1 updated - libitm1-12.3.0+git1204-150000.1.10.1 updated - liblsan0-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:30 +0200 (CEST) Subject: SUSE-CU-2023:2121-1: Security update of bci/golang Message-ID: <20230625072230.28A69F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2121-1 Container Tags : bci/golang:1.20 , bci/golang:1.20-1.5.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.5.3 Container Release : 5.3 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - libatomic1-12.3.0+git1204-150000.1.10.1 updated - libgomp1-12.3.0+git1204-150000.1.10.1 updated - libitm1-12.3.0+git1204-150000.1.10.1 updated - liblsan0-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:34 +0200 (CEST) Subject: SUSE-CU-2023:2122-1: Security update of bci/bci-init Message-ID: <20230625072234.87A28F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2122-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.7.6 , bci/bci-init:latest Container Release : 7.6 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:37 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:37 +0200 (CEST) Subject: SUSE-CU-2023:2123-1: Recommended update of bci/bci-micro Message-ID: <20230625072237.16423F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2123-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.9.2 , bci/bci-micro:latest Container Release : 9.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:39 +0200 (CEST) Subject: SUSE-CU-2023:2124-1: Recommended update of bci/bci-minimal Message-ID: <20230625072239.715B3F3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2124-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.8.4 , bci/bci-minimal:latest Container Release : 8.4 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:micro-image-15.5.0-9.2 updated From sle-updates at lists.suse.com Sun Jun 25 07:22:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 25 Jun 2023 09:22:42 +0200 (CEST) Subject: SUSE-CU-2023:2125-1: Security update of bci/nodejs Message-ID: <20230625072242.ED23DF3C4@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2125-1 Container Tags : bci/node:16 , bci/node:16-7.7 , bci/nodejs:16 , bci/nodejs:16-7.7 Container Release : 7.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:03 +0200 (CEST) Subject: SUSE-CU-2023:2125-1: Security update of bci/nodejs Message-ID: <20230626070303.72FA1F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2125-1 Container Tags : bci/node:16 , bci/node:16-7.7 , bci/nodejs:16 , bci/nodejs:16-7.7 Container Release : 7.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:05 +0200 (CEST) Subject: SUSE-CU-2023:2126-1: Security update of bci/nodejs Message-ID: <20230626070305.E73B2F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2126-1 Container Tags : bci/node:18 , bci/node:18-6.7 , bci/nodejs:18 , bci/nodejs:18-6.7 Container Release : 6.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:09 +0200 (CEST) Subject: SUSE-CU-2023:2127-1: Security update of bci/openjdk-devel Message-ID: <20230626070309.3F822F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2127-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-6.14 Container Release : 6.14 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:bci-openjdk-11-15.5.11-7.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:12 +0200 (CEST) Subject: SUSE-CU-2023:2128-1: Security update of bci/openjdk Message-ID: <20230626070312.666ECF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2128-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-7.7 Container Release : 7.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:16 +0200 (CEST) Subject: SUSE-CU-2023:2129-1: Security update of bci/openjdk-devel Message-ID: <20230626070316.19104F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2129-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-8.13 , bci/openjdk-devel:latest Container Release : 8.13 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:bci-openjdk-17-15.5.17-8.6 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:19 +0200 (CEST) Subject: SUSE-CU-2023:2130-1: Security update of bci/openjdk Message-ID: <20230626070319.130AFF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2130-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-8.6 , bci/openjdk:latest Container Release : 8.6 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:22 +0200 (CEST) Subject: SUSE-CU-2023:2131-1: Security update of bci/php-apache Message-ID: <20230626070322.0ECD8F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2131-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-4.8 Container Release : 4.8 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:24 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:24 +0200 (CEST) Subject: SUSE-CU-2023:2132-1: Security update of bci/php-fpm Message-ID: <20230626070324.EDECBF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2132-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-4.7 Container Release : 4.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:27 +0200 (CEST) Subject: SUSE-CU-2023:2133-1: Security update of bci/php Message-ID: <20230626070327.F41CCF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2133-1 Container Tags : bci/php:8 , bci/php:8-4.7 Container Release : 4.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:30 +0200 (CEST) Subject: SUSE-CU-2023:2134-1: Security update of bci/python Message-ID: <20230626070330.E74DAF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2134-1 Container Tags : bci/python:3 , bci/python:3-7.4 , bci/python:3.11 , bci/python:3.11-7.4 , bci/python:latest Container Release : 7.4 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:33 +0200 (CEST) Subject: SUSE-CU-2023:2135-1: Security update of bci/python Message-ID: <20230626070333.74F94F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2135-1 Container Tags : bci/python:3 , bci/python:3-9.7 , bci/python:3.6 , bci/python:3.6-9.7 Container Release : 9.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:38 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:38 +0200 (CEST) Subject: SUSE-CU-2023:2138-1: Security update of bci/rust Message-ID: <20230626070338.02031F3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2138-1 Container Tags : bci/rust:1.70 , bci/rust:1.70-1.6.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.6.2 Container Release : 6.2 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - libatomic1-12.3.0+git1204-150000.1.10.1 updated - libgomp1-12.3.0+git1204-150000.1.10.1 updated - libitm1-12.3.0+git1204-150000.1.10.1 updated - liblsan0-12.3.0+git1204-150000.1.10.1 updated - libubsan1-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:36 +0200 (CEST) Subject: SUSE-CU-2023:2137-1: Security update of bci/rust Message-ID: <20230626070336.0D65BF3C3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2137-1 Container Tags : bci/rust:1.69 , bci/rust:1.69-2.5.2 , bci/rust:oldstable , bci/rust:oldstable-2.5.2 Container Release : 5.2 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - libatomic1-12.3.0+git1204-150000.1.10.1 updated - libgomp1-12.3.0+git1204-150000.1.10.1 updated - libitm1-12.3.0+git1204-150000.1.10.1 updated - liblsan0-12.3.0+git1204-150000.1.10.1 updated - libubsan1-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-36.5.7 updated From sle-updates at lists.suse.com Mon Jun 26 07:03:39 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:03:39 +0200 (CEST) Subject: SUSE-CU-2023:2139-1: Security update of suse/sle15 Message-ID: <20230626070339.F2291F3C3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2139-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.5.7 , suse/sle15:15.5 , suse/sle15:15.5.36.5.7 Container Release : 36.5.7 Severity : important Type : security References : 1201627 1207534 1211430 CVE-2022-4304 CVE-2023-2650 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 29171 Released: Tue Jun 20 12:29:00 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1201627,1207534,1211430,CVE-2022-4304,CVE-2023-2650 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect tests (bsc#1201627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.6.1 updated - libopenssl1_1-1.1.1l-150500.17.6.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - openssl-1_1-1.1.1l-150500.17.6.1 updated From sle-updates at lists.suse.com Mon Jun 26 07:04:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:04:10 +0200 (CEST) Subject: SUSE-CU-2023:2140-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20230626070410.554A7F3C3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2140-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.415 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.415 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-17.20.150 updated From sle-updates at lists.suse.com Mon Jun 26 07:05:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 09:05:46 +0200 (CEST) Subject: SUSE-CU-2023:2142-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20230626070546.3C7BFF3C3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2142-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.237 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.237 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-17.20.150 updated From sle-updates at lists.suse.com Mon Jun 26 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 08:30:02 -0000 Subject: SUSE-RU-2023:2629-1: important: Recommended update for evolution-data-server Message-ID: <168776820289.24568.6003150603452445399@smelt2.suse.de> # Recommended update for evolution-data-server Announcement ID: SUSE-RU-2023:2629-1 Rating: important References: * #1212116 Affected Products: * openSUSE Leap 15.4 An update that has one recommended fix can now be installed. ## Description: This update for evolution-data-server fixes the following issues: * use the non-deprecated Google OAuth2 protocol (bsc#1212116) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2629=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libecal-1_2-19-debuginfo-3.26.6-150000.3.6.1 * libedata-book-1_2-25-debuginfo-3.26.6-150000.3.6.1 * evolution-data-server-doc-3.26.6-150000.3.6.1 * libebook-contacts-1_2-2-3.26.6-150000.3.6.1 * libedataserver-1_2-22-debuginfo-3.26.6-150000.3.6.1 * libebook-contacts-1_2-2-debuginfo-3.26.6-150000.3.6.1 * libebook-1_2-19-3.26.6-150000.3.6.1 * libedataserver-1_2-22-3.26.6-150000.3.6.1 * libecal-1_2-19-3.26.6-150000.3.6.1 * libedataserverui-1_2-1-3.26.6-150000.3.6.1 * libebook-1_2-19-debuginfo-3.26.6-150000.3.6.1 * libedataserverui-1_2-1-debuginfo-3.26.6-150000.3.6.1 * libcamel-1_2-60-debuginfo-3.26.6-150000.3.6.1 * libedata-cal-1_2-28-3.26.6-150000.3.6.1 * libedata-cal-1_2-28-debuginfo-3.26.6-150000.3.6.1 * libedata-book-1_2-25-3.26.6-150000.3.6.1 * libcamel-1_2-60-3.26.6-150000.3.6.1 * openSUSE Leap 15.4 (x86_64) * libedata-cal-1_2-28-32bit-3.26.6-150000.3.6.1 * libebook-contacts-1_2-2-32bit-3.26.6-150000.3.6.1 * libebook-1_2-19-32bit-debuginfo-3.26.6-150000.3.6.1 * libecal-1_2-19-32bit-debuginfo-3.26.6-150000.3.6.1 * libcamel-1_2-60-32bit-debuginfo-3.26.6-150000.3.6.1 * libedataserverui-1_2-1-32bit-debuginfo-3.26.6-150000.3.6.1 * libebook-contacts-1_2-2-32bit-debuginfo-3.26.6-150000.3.6.1 * libedata-book-1_2-25-32bit-3.26.6-150000.3.6.1 * libedata-book-1_2-25-32bit-debuginfo-3.26.6-150000.3.6.1 * libebook-1_2-19-32bit-3.26.6-150000.3.6.1 * libedataserverui-1_2-1-32bit-3.26.6-150000.3.6.1 * libedataserver-1_2-22-32bit-3.26.6-150000.3.6.1 * libecal-1_2-19-32bit-3.26.6-150000.3.6.1 * libcamel-1_2-60-32bit-3.26.6-150000.3.6.1 * libedataserver-1_2-22-32bit-debuginfo-3.26.6-150000.3.6.1 * libedata-cal-1_2-28-32bit-debuginfo-3.26.6-150000.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212116 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 26 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 12:30:02 -0000 Subject: SUSE-FU-2023:2267-2: moderate: Feature update for glassfish-jax-rs-api and glassfish-jsp-api Message-ID: <168778260222.14759.17516186282823998278@smelt2.suse.de> # Feature update for glassfish-jax-rs-api and glassfish-jsp-api Announcement ID: SUSE-FU-2023:2267-2 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for glassfish-jax-rs-api and glassfish-jsp-api fixes the following issues: glassfish-jax-rs-api: * Version update from 2.1.5 to 2.1.6 (jsc#SLE-23217): * Fixed spec version and updated template to include Final Release if is empty. * Added Eclipse copyright notice. * Set copyright footer to 2019 Eclipse Foundation. * Use Jakarta instead of Java. * Include link to license in footer as well. glassfish-jsp-api: * Add alias to javax.servlet.jsp:jsp-api (jsc#SLE-23217) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2267=1 ## Package List: * openSUSE Leap 15.5 (noarch) * glassfish-jsp-api-javadoc-2.3.3-150200.3.3.1 * glassfish-jsp-api-2.3.3-150200.3.3.1 * glassfish-jax-rs-api-javadoc-2.1.6-150200.3.7.11 * glassfish-jax-rs-api-2.1.6-150200.3.7.11 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 26 12:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 12:30:03 -0000 Subject: SUSE-FU-2023:2266-2: moderate: Feature update for apache-parent Message-ID: <168778260375.14759.7212459827542652286@smelt2.suse.de> # Feature update for apache-parent Announcement ID: SUSE-FU-2023:2266-2 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for apache-parent fixes the following issues: Version update from 21 to 28 (jsc#SLE-23217): * Respect property assembly.tarLongFileMode * Allow custom Release Distribution Repository * Upgrade fluido skin to 1.11.0 * Add ASF Data Privacy * Drop outdated maven-docck-plugin from pluginManagement * Upgrade fluido skin to 1.11.1 * Set minimum enforced Maven version to 3.2.5 * Update m-plugin-p to 3.6.4 * Disable m2e warning for m-remote-resource-p:process * Corrected Jira URL * Update minimum version to 3.1.1 * Assume Maven 3 * Remove outdated clirr-maven-plugin * Simplify m-javadoc-p configuration * Configure release profile with dedicated parameter * Upload SHA-512 only for source-release to staging repository * Enforce minimum Java build version 8 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2266=1 ## Package List: * openSUSE Leap 15.5 (noarch) * apache-parent-28-150200.3.9.1 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 26 12:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 12:30:05 -0000 Subject: SUSE-RU-2023:2632-1: moderate: Recommended update for suseconnect-ng Message-ID: <168778260596.14759.6813015930189827032@smelt2.suse.de> # Recommended update for suseconnect-ng Announcement ID: SUSE-RU-2023:2632-1 Rating: moderate References: * #1211588 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for suseconnect-ng fixes the following issues: * Update to version 1.1.0~git2.f42b4b2a060e: * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2632=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2632=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2632=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2632=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2632=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2632=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * suseconnect-ng-debuginfo-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * suseconnect-ng-debuginfo-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * suseconnect-ruby-bindings-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * libsuseconnect-1.1.0~git2.f42b4b2a060e-150400.3.13.1 * suseconnect-ng-1.1.0~git2.f42b4b2a060e-150400.3.13.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211588 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 26 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 12:30:07 -0000 Subject: SUSE-RU-2023:2631-1: moderate: Recommended update for perf Message-ID: <168778260782.14759.15035920664899428476@smelt2.suse.de> # Recommended update for perf Announcement ID: SUSE-RU-2023:2631-1 Rating: moderate References: * #1205384 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for perf fixes the following issues: * perf c2c: fix "node/cpu topology bugFailed setup nodes" error if cpu are offline (bsc#1205384) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2631=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2631=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2631=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * perf-debuginfo-4.12.14-46.6.1 * perf-4.12.14-46.6.1 * perf-debugsource-4.12.14-46.6.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * perf-debuginfo-4.12.14-46.6.1 * perf-4.12.14-46.6.1 * perf-debugsource-4.12.14-46.6.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * perf-debuginfo-4.12.14-46.6.1 * perf-4.12.14-46.6.1 * perf-debugsource-4.12.14-46.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1205384 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Mon Jun 26 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 26 Jun 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2597-1: moderate: Recommended update for sapstartsrv-resource-agents Message-ID: <168779700333.9206.17178988005006116609@smelt2.suse.de> # Recommended update for sapstartsrv-resource-agents Announcement ID: SUSE-RU-2023:2597-1 Rating: moderate References: * #1207138 * #1210790 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SAP Applications Module 15-SP2 * SAP Applications Module 15-SP1 * SAP Applications Module 15-SP3 * SAP Applications Module 15-SP4 * SAP Applications Module 15-SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has two recommended fixes can now be installed. ## Description: This update for sapstartsrv-resource-agents fixes the following issues: * Version bump to 0.9.2 * Prevent systemd service race between sapping and sappong during system boot. (bsc#1207138) * Fix a problem of monitor/probe operation to detect a running sapstartsrv process. (bsc#1210790) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2597=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2597=1 * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2597=1 * SAP Applications Module 15-SP2 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-2597=1 * SAP Applications Module 15-SP3 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-2597=1 * SAP Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-2597=1 * SAP Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP5-2023-2597=1 ## Package List: * openSUSE Leap 15.4 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * openSUSE Leap 15.5 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * SAP Applications Module 15-SP1 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * SAP Applications Module 15-SP2 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * SAP Applications Module 15-SP3 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * SAP Applications Module 15-SP4 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 * SAP Applications Module 15-SP5 (noarch) * sapstartsrv-resource-agents-0.9.2+git.1684336720.d2ebd49-150000.1.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207138 * https://bugzilla.suse.com/show_bug.cgi?id=1210790 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 07:05:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 09:05:27 +0200 (CEST) Subject: SUSE-CU-2023:2146-1: Recommended update of suse/postgres Message-ID: <20230627070527.8A33FFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2146-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.7 , suse/postgres:14.8 , suse/postgres:14.8-22.7 Container Release : 22.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-150000.1.10.1 updated - libstdc++6-12.3.0+git1204-150000.1.10.1 updated - container:sles15-image-15.0.0-27.14.71 updated From sle-updates at lists.suse.com Tue Jun 27 09:09:43 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 09:09:43 -0000 Subject: SUSE-SU-2023:2648-1: moderate: Security update for openssl-1_1 Message-ID: <168785698314.11513.9237316814387176531@smelt2.suse.de> # Security update for openssl-1_1 Announcement ID: SUSE-SU-2023:2648-1 Rating: moderate References: * #1201627 * #1207534 Cross-References: * CVE-2022-4304 CVSS scores: * CVE-2022-4304 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2022-4304 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for openssl-1_1 fixes the following issues: * CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). * Update further expiring certificates that affect the testsuite (bsc#1201627). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2648=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2648=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2648=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2648=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2648=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2648=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2648=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * openSUSE Leap 15.4 (x86_64) * libopenssl1_1-32bit-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.42.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.42.1 * openSUSE Leap 15.4 (noarch) * openssl-1_1-doc-1.1.1l-150400.7.42.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libopenssl1_1-1.1.1l-150400.7.42.1 * openssl-1_1-1.1.1l-150400.7.42.1 * openssl-1_1-debuginfo-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-1.1.1l-150400.7.42.1 * openssl-1_1-debugsource-1.1.1l-150400.7.42.1 * libopenssl1_1-debuginfo-1.1.1l-150400.7.42.1 * Basesystem Module 15-SP4 (x86_64) * libopenssl1_1-32bit-1.1.1l-150400.7.42.1 * libopenssl1_1-hmac-32bit-1.1.1l-150400.7.42.1 * libopenssl1_1-32bit-debuginfo-1.1.1l-150400.7.42.1 * libopenssl-1_1-devel-32bit-1.1.1l-150400.7.42.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4304.html * https://bugzilla.suse.com/show_bug.cgi?id=1201627 * https://bugzilla.suse.com/show_bug.cgi?id=1207534 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 09:09:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 09:09:46 -0000 Subject: SUSE-SU-2023:2647-1: important: Security update for webkit2gtk3 Message-ID: <168785698624.11513.962744379282680180@smelt2.suse.de> # Security update for webkit2gtk3 Announcement ID: SUSE-SU-2023:2647-1 Rating: important References: * #1211658 * #1211659 * #1211846 Cross-References: * CVE-2023-28204 * CVE-2023-32373 CVSS scores: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Desktop Applications Module 15-SP4 * Desktop Applications Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and has one fix can now be installed. ## Description: This update for webkit2gtk3 fixes the following issues: Add security patches (bsc#1211846): * CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659). * CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2647=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2647=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2647=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2647=1 * Desktop Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-2647=1 * Desktop Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-2647=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2647=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2647=1 ## Package List: * openSUSE Leap 15.4 (noarch) * WebKit2GTK-5.0-lang-2.38.6-150400.4.42.4 * WebKit2GTK-4.1-lang-2.38.6-150400.4.42.4 * WebKit2GTK-4.0-lang-2.38.6-150400.4.42.4 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_1-0-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk4-debugsource-2.38.6-150400.4.42.4 * webkit2gtk3-minibrowser-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-4-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk4-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-minibrowser-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.42.4 * webkit2gtk4-minibrowser-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.42.4 * webkit-jsc-4-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.42.4 * webkit-jsc-5.0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-devel-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-minibrowser-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.42.4 * webkit-jsc-4.1-2.38.6-150400.4.42.4 * webkit2gtk3-minibrowser-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.42.4 * webkit2gtk3-debugsource-2.38.6-150400.4.42.4 * webkit2gtk3-devel-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-5.0-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-4.1-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-5_0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.42.4 * webkit2gtk4-minibrowser-debuginfo-2.38.6-150400.4.42.4 * openSUSE Leap 15.4 (x86_64) * libwebkit2gtk-4_1-0-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-32bit-2.38.6-150400.4.42.4 * openSUSE Leap 15.5 (noarch) * WebKit2GTK-5.0-lang-2.38.6-150400.4.42.4 * WebKit2GTK-4.1-lang-2.38.6-150400.4.42.4 * WebKit2GTK-4.0-lang-2.38.6-150400.4.42.4 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-4_1-0-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk4-debugsource-2.38.6-150400.4.42.4 * webkit2gtk3-minibrowser-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-4-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk4-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-minibrowser-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.42.4 * webkit2gtk4-minibrowser-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.42.4 * webkit-jsc-4-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.42.4 * webkit-jsc-5.0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-devel-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-minibrowser-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.42.4 * webkit-jsc-4.1-2.38.6-150400.4.42.4 * webkit2gtk3-minibrowser-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.42.4 * webkit2gtk3-debugsource-2.38.6-150400.4.42.4 * webkit2gtk3-devel-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-5.0-debuginfo-2.38.6-150400.4.42.4 * webkit-jsc-4.1-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-5_0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.42.4 * webkit2gtk4-minibrowser-debuginfo-2.38.6-150400.4.42.4 * openSUSE Leap 15.5 (x86_64) * libwebkit2gtk-4_1-0-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-32bit-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-32bit-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-32bit-2.38.6-150400.4.42.4 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-2.38.6-150400.4.42.4 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_0-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-debugsource-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_0-18-2.38.6-150400.4.42.4 * webkit2gtk-4_0-injected-bundles-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_0-2.38.6-150400.4.42.4 * webkit2gtk3-soup2-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_0-37-2.38.6-150400.4.42.4 * Desktop Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk3-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk3-debugsource-2.38.6-150400.4.42.4 * Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * webkit2gtk-4_1-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-4_1-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-4_1-2.38.6-150400.4.42.4 * webkit2gtk-4_1-injected-bundles-2.38.6-150400.4.42.4 * webkit2gtk3-devel-2.38.6-150400.4.42.4 * libwebkit2gtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2WebExtension-4_1-2.38.6-150400.4.42.4 * libjavascriptcoregtk-4_1-0-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk3-debugsource-2.38.6-150400.4.42.4 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-5_0-0-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk4-debugsource-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.42.4 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libwebkit2gtk-5_0-0-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-2.38.6-150400.4.42.4 * typelib-1_0-JavaScriptCore-5_0-2.38.6-150400.4.42.4 * webkit2gtk-5_0-injected-bundles-debuginfo-2.38.6-150400.4.42.4 * webkit2gtk4-debugsource-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libwebkit2gtk-5_0-0-debuginfo-2.38.6-150400.4.42.4 * libjavascriptcoregtk-5_0-0-2.38.6-150400.4.42.4 * typelib-1_0-WebKit2-5_0-2.38.6-150400.4.42.4 ## References: * https://www.suse.com/security/cve/CVE-2023-28204.html * https://www.suse.com/security/cve/CVE-2023-32373.html * https://bugzilla.suse.com/show_bug.cgi?id=1211658 * https://bugzilla.suse.com/show_bug.cgi?id=1211659 * https://bugzilla.suse.com/show_bug.cgi?id=1211846 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 09:09:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 09:09:49 -0000 Subject: SUSE-RU-2023:2645-1: important: Recommended update for snapper Message-ID: <168785698910.11513.15027972631277194319@smelt2.suse.de> # Recommended update for snapper Announcement ID: SUSE-RU-2023:2645-1 Rating: important References: * #1211459 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for snapper fixes the following issues: * improved responsiveness of snapperd when a btrfs quota rescan is running (see bsc#1211459) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2645=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2645=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2645=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2645=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2645=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2645=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2645=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2645=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2645=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2645=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2645=1 * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2645=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2645=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2645=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2645=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2645=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Manager Proxy 4.2 (x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * snapper-testsuite-0.8.16-150300.3.6.1 * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-testsuite-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * snapper-testsuite-0.8.16-150300.3.6.1 * snapper-zypp-plugin-0.8.16-150300.3.6.1 * snapper-zypp-plugin-debuginfo-0.8.16-150300.3.6.1 * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * pam_snapper-debuginfo-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-testsuite-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * libsnapper-devel-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * pam_snapper-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * snapper-0.8.16-150300.3.6.1 * libsnapper5-0.8.16-150300.3.6.1 * libsnapper5-debuginfo-0.8.16-150300.3.6.1 * snapper-debugsource-0.8.16-150300.3.6.1 * snapper-debuginfo-0.8.16-150300.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211459 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 09:09:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 09:09:52 -0000 Subject: SUSE-RU-2023:2644-1: moderate: Recommended update for libzypp, zypper Message-ID: <168785699278.11513.7165285600327285025@smelt2.suse.de> # Recommended update for libzypp, zypper Announcement ID: SUSE-RU-2023:2644-1 Rating: moderate References: * #1211261 * #1212187 * #1212222 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has three recommended fixes can now be installed. ## Description: This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): * build: honor libproxy.pc's includedir (bsc#1212222) * Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. zypper was updated to version 1.14.61: * targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) * targetos: Update help and man page (bsc#1211261) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP1 zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2023-2644=1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2644=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2644=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2644=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.14-150100.3.112.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libzypp-devel-17.31.14-150100.3.112.1 * zypper-1.14.61-150100.3.79.1 * zypper-debugsource-1.14.61-150100.3.79.1 * libzypp-debugsource-17.31.14-150100.3.112.1 * libzypp-debuginfo-17.31.14-150100.3.112.1 * zypper-debuginfo-1.14.61-150100.3.79.1 * libzypp-17.31.14-150100.3.112.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.61-150100.3.79.1 * zypper-log-1.14.61-150100.3.79.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libzypp-devel-17.31.14-150100.3.112.1 * zypper-1.14.61-150100.3.79.1 * zypper-debugsource-1.14.61-150100.3.79.1 * libzypp-debugsource-17.31.14-150100.3.112.1 * libzypp-debuginfo-17.31.14-150100.3.112.1 * zypper-debuginfo-1.14.61-150100.3.79.1 * libzypp-17.31.14-150100.3.112.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch) * zypper-needs-restarting-1.14.61-150100.3.79.1 * zypper-log-1.14.61-150100.3.79.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libzypp-devel-17.31.14-150100.3.112.1 * zypper-1.14.61-150100.3.79.1 * zypper-debugsource-1.14.61-150100.3.79.1 * libzypp-debugsource-17.31.14-150100.3.112.1 * libzypp-debuginfo-17.31.14-150100.3.112.1 * zypper-debuginfo-1.14.61-150100.3.79.1 * libzypp-17.31.14-150100.3.112.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch) * zypper-needs-restarting-1.14.61-150100.3.79.1 * zypper-log-1.14.61-150100.3.79.1 * SUSE CaaS Platform 4.0 (x86_64) * libzypp-devel-17.31.14-150100.3.112.1 * zypper-1.14.61-150100.3.79.1 * zypper-debugsource-1.14.61-150100.3.79.1 * libzypp-debugsource-17.31.14-150100.3.112.1 * libzypp-debuginfo-17.31.14-150100.3.112.1 * zypper-debuginfo-1.14.61-150100.3.79.1 * libzypp-17.31.14-150100.3.112.1 * SUSE CaaS Platform 4.0 (noarch) * zypper-needs-restarting-1.14.61-150100.3.79.1 * zypper-log-1.14.61-150100.3.79.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211261 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 * https://bugzilla.suse.com/show_bug.cgi?id=1212222 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:29 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:29 -0000 Subject: SUSE-SU-2023:2653-1: important: Security update for the Linux Kernel Message-ID: <168786902941.12882.12136183315620837149@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2653-1 Rating: important References: * #1065729 * #1172073 * #1191731 * #1193629 * #1195655 * #1195921 * #1203906 * #1205650 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1206578 * #1207553 * #1208604 * #1208758 * #1209287 * #1209288 * #1209856 * #1209982 * #1210165 * #1210294 * #1210449 * #1210450 * #1210498 * #1210533 * #1210551 * #1210647 * #1210741 * #1210775 * #1210783 * #1210791 * #1210806 * #1210940 * #1210947 * #1211037 * #1211043 * #1211044 * #1211089 * #1211105 * #1211113 * #1211131 * #1211205 * #1211263 * #1211280 * #1211281 * #1211449 * #1211465 * #1211519 * #1211564 * #1211590 * #1211592 * #1211686 * #1211687 * #1211688 * #1211689 * #1211690 * #1211691 * #1211692 * #1211693 * #1211714 * #1211796 * #1211804 * #1211807 * #1211808 * #1211847 * #1211855 * #1211960 Cross-References: * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1079 * CVE-2023-1380 * CVE-2023-1382 * CVE-2023-2002 * CVE-2023-2124 * CVE-2023-2156 * CVE-2023-2162 * CVE-2023-2269 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-28410 * CVE-2023-3006 * CVE-2023-30456 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32233 * CVE-2023-33288 CVSS scores: * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1382 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1382 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2002 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2002 ( NVD ): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2156 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2156 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2162 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2162 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2269 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28410 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2023-3006 ( SUSE ): 4.8 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-3006 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-30456 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-30456 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * Development Tools Module 15-SP4 * Legacy Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Availability Extension 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Workstation Extension 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves 23 vulnerabilities, contains 14 features and has 47 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263). * CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). * CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). * CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855). * CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm- ioctl.c (bsc#1210806). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). * CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: * 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes). * ACPI: EC: Fix oops when removing custom query handlers (git-fixes). * ACPI: bus: Ensure that notify handlers are not running after removal (git- fixes). * ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git- fixes). * ACPI: tables: Add support for NBFT (bsc#1195921). * ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes). * ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git- fixes). * ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes). * ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes). * ALSA: firewire-digi00x: prevent potential use after free (git-fixes). * ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes). * ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes). * ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes). * ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes). * ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes). * ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes). * ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes). * ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git- fixes). * ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes). * ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git- fixes). * ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes). * ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes). * ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes). * ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes). * ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes). * ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes). * ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes). * ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes). * ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes). * ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git- fixes). * ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes). * ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git- fixes). * ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes). * ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes). * ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes). * ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git- fixes). * Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (git- fixes). * Bluetooth: btintel: Add LE States quirk support (git-fixes). * Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git- fixes). * HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes). * HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes). * HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280). * HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes). * HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes). * HID: wacom: Set a default resolution for older tablets (git-fixes). * HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes). * HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes). * HID: wacom: generic: Set battery quirk only when we see battery data (git- fixes). * IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes) * IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes) * IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git- fixes) * Input: xpad - add constants for GIP interface numbers (git-fixes). * KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git- fixes). * KVM: Destroy target device if coalesced MMIO unregistration fails (git- fixes) * KVM: Disallow user memslot with size that exceeds "unsigned long" (git- fixes) * KVM: Do not create VM debugfs files outside of the VM directory (git-fixes) * KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes) * KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes). * KVM: Prevent module exit until all VMs are freed (git-fixes) * KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git- fixes). * KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0() (git-fixes). * KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes). * KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git- fixes). * KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes). * KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes). * KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git- fixes). * KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git- fixes). * KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git- fixes). * KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes). * KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes) * KVM: arm64: Do not return from void function (git-fixes) * KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes) * KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes) * KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes) * KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes) * KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes) * KVM: arm64: Free hypervisor allocations if vector slot init fails (git- fixes) * KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes) * KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git- fixes) * KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes) * KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes) * KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git- fixes) * KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes) * KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes) * KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes) * KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git- fixes). * KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes). * KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes). * KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git- fixes). * KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails (git- fixes). * KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes). * KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes). * KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes). * KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes). * KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes). * KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git- fixes). * KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes). * KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git- fixes). * KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git- fixes). * KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes). * KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes). * KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes). * KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes). * KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git- fixes). * KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes). * KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes). * KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes). * KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes). * KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes). * KVM: x86: do not set st->preempted when going back to user space (git- fixes). * KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes). * KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes). * PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes). * PM: hibernate: Do not get block device exclusively in test_resume mode (git- fixes). * PM: hibernate: Turn snapshot_test into global variable (git-fixes). * PM: hibernate: fix load_image_and_restore() error path (git-fixes). * RDMA/bnxt_re: Fix a possible memory leak (git-fixes) * RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes) * RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes) * RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes) * RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes) * RDMA/efa: Fix unsupported page sizes in device (git-fixes) * RDMA/hns: Fix base address table allocation (git-fixes) * RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes) * RDMA/hns: Modify the value of long message loopback slice (git-fixes) * RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383). * RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383). * RDMA/irdma: Fix Local Invalidate fencing (git-fixes) * RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383). * RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383). * RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383). * RDMA/irdma: Prevent QP use after free (git-fixes) * RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383). * RDMA/irdma: Remove excess error variables (jsc#SLE-18383). * RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022). * RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022). * RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022). * RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255). * RDMA/mlx5: Fix flow counter query via DEVX (git-fixes) * RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes) * RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes) * RDMA/siw: Fix potential page_array out of range access (git-fixes) * RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes) * RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes) * Revert "KVM: set owner of cpu and vm file operations" (git-fixes) * SMB3.1.1: add new tree connect ShareFlags (bsc#1193629). * SMB3: Add missing locks to protect deferred close file list (git-fixes). * SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629). * SMB3: Close deferred file handles in case of handle lease break (bsc#1193629). * SMB3: drop reference to cfile before sending oplock break (bsc#1193629). * SMB3: force unmount was failing to close deferred close files (bsc#1193629). * SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775). * USB / dwc3: Fix a checkpatch warning in core.c (git-fixes). * USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git- fixes). * USB: core: Add routines for endpoint checks in old drivers (git-fixes). * USB: sisusbvga: Add endpoint checks (git-fixes). * USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes). * apparmor: add a kernel label to use on kernel objects (bsc#1211113). * arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes). * arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes). * arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes). * arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes). * arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes). * arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git- fixes) Enable workaround and fix kABI breakage. * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes) * arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes). * asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes). * ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes). * ata: pata_octeon_cf: drop kernel-doc notation (git-fixes). * block: add a bdev_max_zone_append_sectors helper (git-fixes). * bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git- fixes). * bnxt: Do not read past the end of test names (jsc#SLE-18978). * bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978). * bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978). * bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978). * bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978). * bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978). * bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978). * bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978). * bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978). * bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978). * can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes). * can: kvaser_pciefd: Call request_irq() before enabling interrupts (git- fixes). * can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git- fixes). * can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes). * can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes). * can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes). * can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git- fixes). * can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes). * can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes). * can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes). * cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes). * ceph: force updating the msg pointer in non-split case (bsc#1211804). * cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906). * cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650). * cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650). * cgroup: Make cgroup_get_from_id() prettier (bsc#1205650). * cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650). * cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650). * cgroup: reduce dependency on cgroup_mutex (bsc#1205650). * cifs: Avoid a cast in add_lease_context() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: Simplify SMB2_open_init() (bsc#1193629). * cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes). * cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758). * cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629). * cifs: fix potential race when tree connecting ipc (bsc#1208758). * cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758). * cifs: fix sharing of DFS connections (bsc#1208758). * cifs: fix smb1 mount regression (bsc#1193629). * cifs: mapchars mount option ignored (bsc#1193629). * cifs: missing lock when updating session status (bsc#1193629). * cifs: print smb3_fs_context::source when mounting (bsc#1193629). * cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758). * cifs: protect session status check in smb2_reconnect() (bsc#1208758). * cifs: release leases for deferred close handles when freezing (bsc#1193629). * cifs: update internal module version number for cifs.ko (bsc#1193629). * clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes). * clk: qcom: regmap: add PHY clock source implementation (git-fixes). * clk: tegra20: fix gcc-7 constant overflow warning (git-fixes). * configfs: fix possible memory leak in configfs_create_dir() (git-fixes). * crypto: acomp - define max size for destination (jsc#PED-3692) * crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692) * crypto: qat - Fix unsigned function returning negative (jsc#PED-3692) * crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692) * crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692) * crypto: qat - abstract PFVF receive logic (jsc#PED-3692) * crypto: qat - abstract PFVF send function (jsc#PED-3692) * crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692) * crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692) * crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692) * crypto: qat - add backlog mechanism (jsc#PED-3692) * crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692) * crypto: qat - add check to validate firmware images (jsc#PED-3692) * crypto: qat - add limit to linked list parsing (jsc#PED-3692) * crypto: qat - add misc workqueue (jsc#PED-3692) * crypto: qat - add missing restarting event notification in (jsc#PED-3692) * crypto: qat - add param check for DH (jsc#PED-3692) * crypto: qat - add param check for RSA (jsc#PED-3692) * crypto: qat - add pfvf_ops (jsc#PED-3692) * crypto: qat - add resubmit logic for decompression (jsc#PED-3692) * crypto: qat - add support for 401xx devices (jsc#PED-3692) * crypto: qat - add support for compression for 4xxx (jsc#PED-3692) * crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692) * crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692) * crypto: qat - change PFVF ACK behaviour (jsc#PED-3692) * crypto: qat - change behaviour of (jsc#PED-3692) * crypto: qat - change bufferlist logic interface (jsc#PED-3692) * crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692) * crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692) * crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692) * crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692) * crypto: qat - do not rely on min version (jsc#PED-3692) * crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692) * crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692) * crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692) * crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692) * crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692) * crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692) * crypto: qat - extend buffer list interface (jsc#PED-3692) * crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692) * crypto: qat - extract send and wait from (jsc#PED-3692) * crypto: qat - fix DMA transfer direction (jsc#PED-3692) * crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692) * crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692) * crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692) * crypto: qat - fix a typo in a comment (jsc#PED-3692) * crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692) * crypto: qat - fix definition of ring reset results (jsc#PED-3692) * crypto: qat - fix error return code in adf_probe (jsc#PED-3692) * crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692) * crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692) * crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692) * crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692) * crypto: qat - fix wording and formatting in code comment (jsc#PED-3692) * crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692) * crypto: qat - free irq in case of failure (jsc#PED-3692) * crypto: qat - free irqs only if allocated (jsc#PED-3692) * crypto: qat - generalize crypto request buffers (jsc#PED-3692) * crypto: qat - get compression extended capabilities (jsc#PED-3692) * crypto: qat - handle retries due to collisions in (jsc#PED-3692) * crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692) * crypto: qat - improve logging of PFVF messages (jsc#PED-3692) * crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692) * crypto: qat - introduce support for PFVF block messages (jsc#PED-3692) * crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692) * crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692) * crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692) * crypto: qat - make PFVF message construction direction (jsc#PED-3692) * crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692) * crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692) * crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692) * crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692) * crypto: qat - move pfvf collision detection values (jsc#PED-3692) * crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692) * crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692) * crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692) * crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692) * crypto: qat - re-enable registration of algorithms (jsc#PED-3692) * crypto: qat - refactor PF top half for PFVF (jsc#PED-3692) * crypto: qat - refactor pfvf version request messages (jsc#PED-3692) * crypto: qat - refactor submission logic (jsc#PED-3692) * crypto: qat - relocate PFVF PF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF VF related logic (jsc#PED-3692) * crypto: qat - relocate PFVF disabled function (jsc#PED-3692) * crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692) * crypto: qat - relocate backlog related structures (jsc#PED-3692) * crypto: qat - relocate bufferlist logic (jsc#PED-3692) * crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692) * crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692) * crypto: qat - remove empty sriov_configure() (jsc#PED-3692) * crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692) * crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692) * crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692) * crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692) * crypto: qat - remove unneeded assignment (jsc#PED-3692) * crypto: qat - remove unneeded braces (jsc#PED-3692) * crypto: qat - remove unneeded packed attribute (jsc#PED-3692) * crypto: qat - remove unused PFVF stubs (jsc#PED-3692) * crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692) * crypto: qat - rename bufferlist functions (jsc#PED-3692) * crypto: qat - rename pfvf collision constants (jsc#PED-3692) * crypto: qat - reorganize PFVF code (jsc#PED-3692) * crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692) * crypto: qat - replace deprecated MSI API (jsc#PED-3692) * crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692) * crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692) * crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692) * crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692) * crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692) * crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692) * crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692) * crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692) * crypto: qat - simplify adf_enable_aer() (jsc#PED-3692) * crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692) * crypto: qat - split PFVF message decoding from handling (jsc#PED-3692) * crypto: qat - stop using iommu_present() (jsc#PED-3692) * crypto: qat - store the PFVF protocol version of the (jsc#PED-3692) * crypto: qat - store the ring-to-service mapping (jsc#PED-3692) * crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692) * crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692) * crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692) * crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692) * crypto: qat - use hweight for bit counting (jsc#PED-3692) * crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692) * crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692) * crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692) * crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes). * cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992). * debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes). * dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes). * dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes). * dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes). * dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes). * dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes). * dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes). * dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes). * dmaengine: mv_xor_v2: Fix an error code (git-fixes). * do not reuse connection if share marked as isolated (bsc#1193629). * docs: networking: fix x25-iface.rst heading & index order (git-fixes). * drivers: base: component: fix memory leak with using debugfs_lookup() (git- fixes). * drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes). * drm-hyperv: Add a bug reference to two existing changes (bsc#1211281). * drm/amd/display: Fix hang when skipping modeset (git-fixes). * drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes). * drm/amd/display: fix flickering caused by S/G mode (git-fixes). * drm/amd: Fix an out of bounds error in BIOS parser (git-fixes). * drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes). * drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git- fixes). * drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes). * drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes). * drm/displayid: add displayid_get_header() and check bounds better (git- fixes). * drm/exynos: fix g2d_open/close helper function definitions (git-fixes). * drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git- fixes). * drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes). * drm/i915/dg2: Support 4k at 30 on HDMI (git-fixes). * drm/i915/dp: prevent potential div-by-zero (git-fixes). * drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes). * drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes). * drm/msm/dp: unregister audio driver during unbind (git-fixes). * drm/msm/dpu: Add INTF_5 interrupts (git-fixes). * drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git- fixes). * drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes). * drm/sched: Remove redundant check (git-fixes). * drm/tegra: Avoid potential 32-bit integer overflow (git-fixes). * drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes). * drm/ttm: optimize pool allocations a bit v2 (git-fixes). * dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes). * dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes). * dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes). * dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes). * dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type (git-fixes). * f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes). * fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes). * fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes). * fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes). * fbdev: udlfb: Fix endpoint check (git-fixes). * firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes). * firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes). * fuse: always revalidate rename target dentry (bsc#1211808). * fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807). * futex: Resend potentially swallowed owner death notification (git-fixes). * google/gve:fix repeated words in comments (bsc#1211519). * gpio: mockup: Fix mode of debugfs files (git-fixes). * gve: Adding a new AdminQ command to verify driver (bsc#1211519). * gve: Cache link_speed value from device (git-fixes). * gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). * gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519). * gve: Handle alternate miss completions (bsc#1211519). * gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). * gve: Remove the code of clearing PBA bit (git-fixes). * gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes). * gve: enhance no queue page list detection (bsc#1211519). * i2c: omap: Fix standard mode false ACK readings (git-fixes). * i2c: tegra: Fix PEC support for SMBUS block read (git-fixes). * i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378). * i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378). * i40e: Fix DMA mappings leak (jsc#SLE-18378). * i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378). * i40e: Fix VF set max MTU size (jsc#SLE-18378). * i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378). * i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378). * i40e: Fix calculating the number of queue pairs (jsc#SLE-18378). * i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378). * i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378). * i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378). * i40e: Fix for VF MAC address 0 (jsc#SLE-18378). * i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378). * i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378). * i40e: Fix kernel crash during module removal (jsc#SLE-18378). * i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378). * i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378). * i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378). * i40e: Refactor tc mqprio checks (jsc#SLE-18378). * i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378). * i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378). * i40e: fix flow director packet filter programming (jsc#SLE-18378). * i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378). * i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378). * iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385). * iavf: Detach device during reset task (jsc#SLE-18385). * iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385). * iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385). * iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385). * iavf: Fix a crash during reset task (jsc#SLE-18385). * iavf: Fix bad page state (jsc#SLE-18385). * iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385). * iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385). * iavf: Fix max_rate limiting (jsc#SLE-18385). * iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385). * iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385). * iavf: fix hang on reboot with ice (jsc#SLE-18385). * iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385). * iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385). * ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375). * ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375). * igb: Add lock to avoid data race (jsc#SLE-18379). * igb: Enable SR-IOV after reinit (jsc#SLE-18379). * igb: Initialize mailbox message for VF reset (jsc#SLE-18379). * igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379). * igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379). * igbvf: Regard vf reset nack as success (jsc#SLE-18379). * igc: Add checking for basetime less than zero (jsc#SLE-18377). * igc: Add ndo_tx_timeout support (jsc#SLE-18377). * igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377). * igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377). * igc: Lift TAPRIO schedule restriction (jsc#SLE-18377). * igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377). * igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377). * igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377). * igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377). * igc: fix the validation logic for taprio's gate list (jsc#SLE-18377). * igc: read before write to SRRCTL register (jsc#SLE-18377). * igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377). * igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377). * iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes). * iio: adc: ad7192: Change "shorted" channels to differential (git-fixes). * iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes). * iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes). * iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes). * iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes). * iio: imu: inv_icm42600: fix timestamp reset (git-fixes). * iio: light: vcnl4035: fixed chip ID check (git-fixes). * intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379). * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553). * ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384). * ixgbe: Enable setting RSS table to default values (jsc#SLE-18384). * ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384). * ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384). * ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384). * ixgbe: fix pci device refcount leak (jsc#SLE-18384). * ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384). * kABI workaround for btbcm.c (git-fixes). * kABI workaround for mt76_poll_msec() (git-fixes). * kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes) * kabi/severities: added Microsoft mana symbold (bsc#1210551) * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). * kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes). * leds: Fix reference to led_set_brightness() in doc (git-fixes). * leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes). * leds: tca6507: Fix error handling of using fwnode_property_read_string (git- fixes). * libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes). * locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes). * mailbox: zynqmp: Fix IPI isr handling (git-fixes). * mailbox: zynqmp: Fix typo in IPI documentation (git-fixes). * mce: fix set_mce_nospec to always unmap the whole page (git-fixes). * media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes). * media: netup_unidvb: fix use-after-free at del_timer() (git-fixes). * media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git- fixes). * media: radio-shark: Add endpoint checks (git-fixes). * media: rcar_fdp1: Fix the correct variable assignments (git-fixes). * media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes). * memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449). * mfd: dln2: Fix memory leak in dln2_probe() (git-fixes). * mfd: tqmx86: Correct board names for TQMxE39x (git-fixes). * mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes). * misc: fastrpc: reject new invocations during device removal (git-fixes). * misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes). * mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes). * mmc: vub300: fix invalid response handling (git-fixes). * mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git- fixes). * mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes). * mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes). * mtd: rawnand: marvell: ensure timing values are written (git-fixes). * net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes). * net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes). * net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes). * net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982). * net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022). * net: mana: Add support for jumbo frame (bsc#1210551). * net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551). * net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022). * net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022). * net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022). * net: mana: Enable RX path to handle various MTU sizes (bsc#1210551). * net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022). * net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git- fixes). * net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022). * net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022). * net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022). * net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022). * net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551). * net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551). * net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022). * net: mana: Use napi_build_skb in RX path (bsc#1210551). * net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git- fixes). * net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564). * net: phy: dp83867: add w/a for packet errors seen with short cables (git- fixes). * net: qrtr: correct types of trace event parameters (git-fixes). * net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes). * net: tun: avoid disabling NAPI twice (git-fixes). * net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes). * net: tun: stop NAPI when detaching queues (git-fixes). * net: tun: unlink NAPI from device on destruction (git-fixes). * net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes). * net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes). * nilfs2: do not write dirty data after degenerating to read-only (git-fixes). * nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes). * nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git- fixes). * nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git- fixes). * nvme-multipath: fix hang when disk goes live over reconnect (git-fixes). * nvme-pci: add quirks for Samsung X5 SSDs (git-fixes). * nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git- fixes). * nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git- fixes). * nvme-pci: clear the prp2 field when not used (git-fixes). * nvme-pci: disable write zeroes on various Kingston SSD (git-fixes). * nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git- fixes). * nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes). * nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes). * nvme-tcp: fix a possible UAF when failing to allocate an io queue (git- fixes). * nvme-tcp: fix bogus request completion when failing to send AER (git-fixes). * nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes). * nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes). * nvme: also return I/O command effects from nvme_command_effects (git-fixes). * nvme: check for duplicate identifiers earlier (git-fixes). * nvme: cleanup __nvme_check_ids (git-fixes). * nvme: fix discard support without oncs (git-fixes). * nvme: fix interpretation of DMRSL (git-fixes). * nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes). * nvme: fix passthrough csi check (git-fixes). * nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes). * nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes). * nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes). * nvme: set non-mdts limits in nvme_scan_work (git-fixes). * nvmet-tcp: add bounds check on Transfer Tag (git-fixes). * nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes). * nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes). * nvmet: fix mar and mor off-by-one errors (git-fixes). * nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes). * nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes). * nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git- fixes). * nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes). * phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes). * phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes). * pinctrl: qcom: lpass-lpi: set output value before enabling output (git- fixes). * pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes). * platform/x86: hp-wmi: Support touchpad on/off (git-fixes). * platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes). * platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git- fixes). * platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes). * power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes). * power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes). * power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes). * power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes). * power: supply: bq27xxx: Fix poll_interval handling and races on remove (git- fixes). * power: supply: bq27xxx: expose battery data when CI=1 (git-fixes). * power: supply: leds: Fix blink to LED on transition (git-fixes). * power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes). * powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes). * powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729). * powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729). * pstore: Revert pmsg_lock back to a normal mutex (git-fixes). * purgatory: fix disabling debug info (git-fixes). * pwm: meson: Fix axg ao mux parents (git-fixes). * pwm: meson: Fix g12a ao clk81 name (git-fixes). * qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001). * qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001). * qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001). * qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001). * qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001). * r8152: fix flow control issue of RTL8156A (git-fixes). * r8152: fix the poor throughput for 2.5G devices (git-fixes). * r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes). * regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git- fixes). * regulator: mt6359: add read check for PMIC MT6359 (git-fixes). * regulator: pca9450: Fix BUCK2 enable_mask (git-fixes). * remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes). * ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes). * ring-buffer: Fix kernel-doc (git-fixes). * ring-buffer: Sync IRQ works before buffer destruction (git-fixes). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rtmutex: Ensure that the top waiter is always woken up (git-fixes). * s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947) * s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686). * s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687). * s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes). * s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git- fixes bsc#1211688). * s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689). * s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690). * s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691). * s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692). * s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693). * s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes). * s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes). * s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714). * s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733). * scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes). * scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes). * scsi: libsas: Add sas_ata_device_link_abort() (git-fixes). * scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git- fixes). * scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847). * scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847). * scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847). * scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847). * scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847). * scsi: lpfc: Update congestion warning notification period (bsc#1211847). * scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847). * scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes). * scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes). * scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes). * scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960). * scsi: qla2xxx: Fix hang in task management (bsc#1211960). * scsi: qla2xxx: Fix mem access after free (bsc#1211960). * scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960). * scsi: qla2xxx: Fix task management cmd failure (bsc#1211960). * scsi: qla2xxx: Multi-que support for TMF (bsc#1211960). * scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960). * scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960). * scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960). * scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960). * scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960). * scsi: ses: Handle enclosure with just a primary component gracefully (git- fixes). * scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes). * selftests mount: Fix mount_setattr_test builds failed (git-fixes). * selftests/resctrl: Allow ->setup() to return errors (git-fixes). * selftests/resctrl: Check for return value after write_schemata() (git- fixes). * selftests/resctrl: Extend CPU vendor detection (git-fixes). * selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes). * selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes). * selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes). * selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes). * selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes). * selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes). * selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes). * selftests: xsk: Disable IPv6 on VETH1 (git-fixes). * selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes). * selinux: do not use make's grouped targets feature yet (git-fixes). * serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes). * serial: 8250_bcm7271: balance clk_enable calls (git-fixes). * serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes). * serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes). * serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git- fixes). * serial: Add support for Advantech PCI-1611U card (git-fixes). * serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes). * serial: qcom-geni: fix enabling deactivated interrupt (git-fixes). * serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes). * sfc: Change VF mac via PF as first preference if available (git-fixes). * sfc: Fix module EEPROM reporting for QSFP modules (git-fixes). * sfc: Fix use-after-free due to selftest_work (git-fixes). * sfc: correctly advertise tunneled IPv6 segmentation (git-fixes). * sfc: ef10: do not overwrite offload features at NIC reset (git-fixes). * sfc: fix TX channel offset when using legacy interrupts (git-fixes). * sfc: fix considering that all channels have TX queues (git-fixes). * sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes). * sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes). * sfc: include vport_id in filter spec hash and equal() (git-fixes). * smb3: display debug information better for encryption (bsc#1193629). * smb3: fix problem remounting a share after shutdown (bsc#1193629). * smb3: improve parallel reads of large files (bsc#1193629). * smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629). * smb3: move some common open context structs to smbfs_common (bsc#1193629). * soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes). * soundwire: qcom: gracefully handle too many ports in DT (git-fixes). * spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes). * spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). * staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes). * struct ci_hdrc: hide new member at end (git-fixes). * supported.conf: mark mana_ib supported * swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes). * thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165). * thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165). * tools/virtio: compile with -pthread (git-fixes). * tools/virtio: fix the vringh test for virtio ring changes (git-fixes). * tools/virtio: fix virtio_test execution (git-fixes). * tools/virtio: initialize spinlocks in vring_test.c (git-fixes). * tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git- fixes). * tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes). * tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes). * tracing: Fix permissions for the buffer_percent file (git-fixes). * tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes). * usb-storage: fix deadlock when a scsi command timeouts more than once (git- fixes). * usb: chipidea: core: fix possible concurrent when switch role (git-fixes). * usb: dwc3: Align DWC3_EP_* flag macros (git-fixes). * usb: dwc3: Fix a repeated word checkpatch warning (git-fixes). * usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes). * usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes). * usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes). * usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes). * usb: dwc3: gadget: Delay issuing End Transfer (git-fixes). * usb: dwc3: gadget: Execute gadget stop after halting the controller (git- fixes). * usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes). * usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes). * usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git- fixes). * usb: dwc3: remove a possible unnecessary 'out of memory' message (git- fixes). * usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes). * usb: gadget: u_ether: Fix host MAC address case (git-fixes). * usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes). * usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes). * usb: typec: tcpm: fix multiple times discover svids error (git-fixes). * usb: usbfs: Enforce page requirements for mmap (git-fixes). * usb: usbfs: Use consistent mmap functions (git-fixes). * usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796). * vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes). * vdpa: fix use-after-free on vp_vdpa_remove (git-fixes). * vhost/net: Clear the pending messages when the backend is removed (git- fixes). * virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes). * virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes). * virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes). * virtio_net: split free_unused_bufs() (git-fixes). * virtio_net: suppress cpu stall when free_unused_bufs (git-fixes). * watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git- fixes). * watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes). * wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes). * wifi: ath: Silence memcpy run-time false positive warning (git-fixes). * wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes). * wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes). * wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes). * wifi: iwlwifi: fw: fix DBGI dump (git-fixes). * wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes). * wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes). * wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes). * wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git- fixes). * wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes). * wifi: mac80211: fix min center freq offset tracing (git-fixes). * wifi: mt76: add flexible polling wait-interval support (git-fixes). * wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git- fixes). * wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes). * wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes). * wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes). * workqueue: Fix hung time report of worker pools (bsc#1211044). * workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044). * workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044). * workqueue: Warn when a new worker could not be created (bsc#1211044). * workqueue: Warn when a rescuer could not be created (bsc#1211044). * x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes). * x86/MCE/AMD: Use an u64 for bank_map (git-fixes). * x86/alternative: Make debug-alternative selective (bsc#1206578). * x86/alternative: Report missing return thunk details (git-fixes). * x86/alternative: Support relocations in alternatives (bsc#1206578). * x86/amd: Use IBPB for firmware calls (git-fixes). * x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes). * x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes). * x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes). * x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts (git-fixes). * x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes). * x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes). * x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes). * x86/fault: Cast an argument to the proper address space in prefetch() (git- fixes). * x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205). * x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git- fixes). * x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes). * x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes). * x86/hyperv: Block root partition functionality in a Confidential VM (git- fixes). * x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578). * x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch * x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git- fixes). * x86/microcode/AMD: Fix mixed steppings support (git-fixes). * x86/microcode/AMD: Track patch allocation size explicitly (git-fixes). * x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes). * x86/microcode: Add explicit CPU vendor dependency (git-fixes). * x86/microcode: Adjust late loading result reporting message (git-fixes). * x86/microcode: Rip out the OLD_INTERFACE (git-fixes). * x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes). * x86/mm: Use proper mask when setting PUD mapping (git-fixes). * x86/nospec: Unwreck the RSB stuffing (git-fixes). * x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes). * x86/pat: Fix x86_has_pat_wp() (git-fixes). * x86/pm: Add enumeration check before spec MSRs save/restore setup (git- fixes). * x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes). * x86/resctrl: Fix min_cbm_bits for AMD (git-fixes). * x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes). * x86/signal: Fix the value returned by strict_sas_size() (git-fixes). * x86/speculation/mmio: Print SMT warning (git-fixes). * x86/speculation: Identify processors vulnerable to SMT RSB predictions (git- fixes). * x86/static_call: Serialize __static_call_fixup() properly (git-fixes). * x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). * x86/topology: Fix duplicated core ID within a package (git-fixes). * x86/topology: Fix multiple packages shown on a single-package system (git- fixes). * x86/tsx: Add a feature bit for TSX control MSR support (git-fixes). * x86: Fix return value of __setup handlers (git-fixes). * x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes). * xen/netback: do not do grant copy across page boundary (git-fixes). * xen/netback: use same error messages for same errors (git-fixes). * xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes). * xhci: Fix incorrect tracking of free space on transfer rings (git-fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2653=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2653=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2653=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2653=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2653=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2653=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2653=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2653=1 * Legacy Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-2653=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2653=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. * SUSE Linux Enterprise High Availability Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2653=1 * SUSE Linux Enterprise Workstation Extension 15 SP4 zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-2653=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 nosrc x86_64) * kernel-default-5.14.21-150400.24.66.1 * openSUSE Leap Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kernel-default-livepatch-devel-5.14.21-150400.24.66.1 * kernel-default-extra-5.14.21-150400.24.66.1 * cluster-md-kmp-default-5.14.21-150400.24.66.1 * kernel-syms-5.14.21-150400.24.66.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * dlm-kmp-default-debuginfo-5.14.21-150400.24.66.1 * reiserfs-kmp-default-5.14.21-150400.24.66.1 * kselftests-kmp-default-5.14.21-150400.24.66.1 * kernel-default-devel-5.14.21-150400.24.66.1 * ocfs2-kmp-default-5.14.21-150400.24.66.1 * kernel-obs-build-debugsource-5.14.21-150400.24.66.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.66.1 * kselftests-kmp-default-debuginfo-5.14.21-150400.24.66.1 * dlm-kmp-default-5.14.21-150400.24.66.1 * kernel-default-optional-debuginfo-5.14.21-150400.24.66.1 * kernel-default-livepatch-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-obs-build-5.14.21-150400.24.66.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.66.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.66.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-optional-5.14.21-150400.24.66.1 * kernel-obs-qa-5.14.21-150400.24.66.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.66.1 * gfs2-kmp-default-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (nosrc ppc64le x86_64) * kernel-debug-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (ppc64le x86_64) * kernel-debug-devel-5.14.21-150400.24.66.1 * kernel-debug-devel-debuginfo-5.14.21-150400.24.66.1 * kernel-debug-debuginfo-5.14.21-150400.24.66.1 * kernel-debug-livepatch-devel-5.14.21-150400.24.66.1 * kernel-debug-debugsource-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (aarch64 ppc64le x86_64) * kernel-default-base-rebuild-5.14.21-150400.24.66.1.150400.24.29.1 * kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.66.1 * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * kernel-kvmsmall-debugsource-5.14.21-150400.24.66.1 * kernel-kvmsmall-devel-5.14.21-150400.24.66.1 * kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.66.1 * kernel-kvmsmall-debuginfo-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (noarch) * kernel-source-5.14.21-150400.24.66.1 * kernel-macros-5.14.21-150400.24.66.1 * kernel-source-vanilla-5.14.21-150400.24.66.1 * kernel-docs-html-5.14.21-150400.24.66.2 * kernel-devel-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.66.2 * openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64) * kernel-kvmsmall-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.66.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (aarch64) * dtb-rockchip-5.14.21-150400.24.66.1 * kernel-64kb-devel-5.14.21-150400.24.66.1 * dtb-lg-5.14.21-150400.24.66.1 * dtb-cavium-5.14.21-150400.24.66.1 * dtb-nvidia-5.14.21-150400.24.66.1 * dtb-hisilicon-5.14.21-150400.24.66.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.66.1 * gfs2-kmp-64kb-5.14.21-150400.24.66.1 * ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * dlm-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * ocfs2-kmp-64kb-5.14.21-150400.24.66.1 * dlm-kmp-64kb-5.14.21-150400.24.66.1 * dtb-arm-5.14.21-150400.24.66.1 * dtb-qcom-5.14.21-150400.24.66.1 * kselftests-kmp-64kb-5.14.21-150400.24.66.1 * gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * dtb-renesas-5.14.21-150400.24.66.1 * cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * kernel-64kb-optional-debuginfo-5.14.21-150400.24.66.1 * dtb-exynos-5.14.21-150400.24.66.1 * kernel-64kb-optional-5.14.21-150400.24.66.1 * kernel-64kb-debuginfo-5.14.21-150400.24.66.1 * dtb-broadcom-5.14.21-150400.24.66.1 * dtb-freescale-5.14.21-150400.24.66.1 * dtb-xilinx-5.14.21-150400.24.66.1 * dtb-amlogic-5.14.21-150400.24.66.1 * dtb-apm-5.14.21-150400.24.66.1 * kernel-64kb-debugsource-5.14.21-150400.24.66.1 * dtb-allwinner-5.14.21-150400.24.66.1 * dtb-mediatek-5.14.21-150400.24.66.1 * kernel-64kb-livepatch-devel-5.14.21-150400.24.66.1 * dtb-marvell-5.14.21-150400.24.66.1 * dtb-sprd-5.14.21-150400.24.66.1 * reiserfs-kmp-64kb-5.14.21-150400.24.66.1 * cluster-md-kmp-64kb-5.14.21-150400.24.66.1 * dtb-apple-5.14.21-150400.24.66.1 * kernel-64kb-extra-5.14.21-150400.24.66.1 * dtb-altera-5.14.21-150400.24.66.1 * dtb-amd-5.14.21-150400.24.66.1 * reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * dtb-amazon-5.14.21-150400.24.66.1 * kernel-64kb-extra-debuginfo-5.14.21-150400.24.66.1 * kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.66.1 * dtb-socionext-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (nosrc) * dtb-aarch64-5.14.21-150400.24.66.1 * openSUSE Leap 15.4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (aarch64 nosrc) * kernel-64kb-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (aarch64) * kernel-64kb-debugsource-5.14.21-150400.24.66.1 * kernel-64kb-devel-debuginfo-5.14.21-150400.24.66.1 * kernel-64kb-debuginfo-5.14.21-150400.24.66.1 * kernel-64kb-devel-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (aarch64 ppc64le x86_64) * kernel-default-base-5.14.21-150400.24.66.1.150400.24.29.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-5.14.21-150400.24.66.1 * kernel-default-devel-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (noarch) * kernel-macros-5.14.21-150400.24.66.1 * kernel-devel-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (nosrc s390x) * kernel-zfcpdump-5.14.21-150400.24.66.1 * Basesystem Module 15-SP4 (s390x) * kernel-zfcpdump-debugsource-5.14.21-150400.24.66.1 * kernel-zfcpdump-debuginfo-5.14.21-150400.24.66.1 * Development Tools Module 15-SP4 (noarch nosrc) * kernel-docs-5.14.21-150400.24.66.2 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kernel-syms-5.14.21-150400.24.66.1 * kernel-obs-build-debugsource-5.14.21-150400.24.66.1 * kernel-obs-build-5.14.21-150400.24.66.1 * Development Tools Module 15-SP4 (noarch) * kernel-source-5.14.21-150400.24.66.1 * Legacy Module 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.66.1 * Legacy Module 15-SP4 (aarch64 ppc64le s390x x86_64) * reiserfs-kmp-default-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * reiserfs-kmp-default-debuginfo-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Live Patching 15-SP4 (nosrc) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-default-livepatch-5.14.21-150400.24.66.1 * kernel-default-livepatch-devel-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-livepatch-5_14_21-150400_24_66-default-debuginfo-1-150400.9.3.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * kernel-livepatch-SLE15-SP4_Update_13-debugsource-1-150400.9.3.1 * kernel-livepatch-5_14_21-150400_24_66-default-1-150400.9.3.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64) * dlm-kmp-default-debuginfo-5.14.21-150400.24.66.1 * gfs2-kmp-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * ocfs2-kmp-default-5.14.21-150400.24.66.1 * cluster-md-kmp-default-5.14.21-150400.24.66.1 * ocfs2-kmp-default-debuginfo-5.14.21-150400.24.66.1 * cluster-md-kmp-default-debuginfo-5.14.21-150400.24.66.1 * dlm-kmp-default-5.14.21-150400.24.66.1 * gfs2-kmp-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (nosrc) * kernel-default-5.14.21-150400.24.66.1 * SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64) * kernel-default-extra-5.14.21-150400.24.66.1 * kernel-default-extra-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debuginfo-5.14.21-150400.24.66.1 * kernel-default-debugsource-5.14.21-150400.24.66.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1382.html * https://www.suse.com/security/cve/CVE-2023-2002.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2156.html * https://www.suse.com/security/cve/CVE-2023-2162.html * https://www.suse.com/security/cve/CVE-2023-2269.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-28410.html * https://www.suse.com/security/cve/CVE-2023-3006.html * https://www.suse.com/security/cve/CVE-2023-30456.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://bugzilla.suse.com/show_bug.cgi?id=1065729 * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1193629 * https://bugzilla.suse.com/show_bug.cgi?id=1195655 * https://bugzilla.suse.com/show_bug.cgi?id=1195921 * https://bugzilla.suse.com/show_bug.cgi?id=1203906 * https://bugzilla.suse.com/show_bug.cgi?id=1205650 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1206578 * https://bugzilla.suse.com/show_bug.cgi?id=1207553 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1208758 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209288 * https://bugzilla.suse.com/show_bug.cgi?id=1209856 * https://bugzilla.suse.com/show_bug.cgi?id=1209982 * https://bugzilla.suse.com/show_bug.cgi?id=1210165 * https://bugzilla.suse.com/show_bug.cgi?id=1210294 * https://bugzilla.suse.com/show_bug.cgi?id=1210449 * https://bugzilla.suse.com/show_bug.cgi?id=1210450 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210533 * https://bugzilla.suse.com/show_bug.cgi?id=1210551 * https://bugzilla.suse.com/show_bug.cgi?id=1210647 * https://bugzilla.suse.com/show_bug.cgi?id=1210741 * https://bugzilla.suse.com/show_bug.cgi?id=1210775 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210806 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1210947 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211044 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211113 * https://bugzilla.suse.com/show_bug.cgi?id=1211131 * https://bugzilla.suse.com/show_bug.cgi?id=1211205 * https://bugzilla.suse.com/show_bug.cgi?id=1211263 * https://bugzilla.suse.com/show_bug.cgi?id=1211280 * https://bugzilla.suse.com/show_bug.cgi?id=1211281 * https://bugzilla.suse.com/show_bug.cgi?id=1211449 * https://bugzilla.suse.com/show_bug.cgi?id=1211465 * https://bugzilla.suse.com/show_bug.cgi?id=1211519 * https://bugzilla.suse.com/show_bug.cgi?id=1211564 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211686 * https://bugzilla.suse.com/show_bug.cgi?id=1211687 * https://bugzilla.suse.com/show_bug.cgi?id=1211688 * https://bugzilla.suse.com/show_bug.cgi?id=1211689 * https://bugzilla.suse.com/show_bug.cgi?id=1211690 * https://bugzilla.suse.com/show_bug.cgi?id=1211691 * https://bugzilla.suse.com/show_bug.cgi?id=1211692 * https://bugzilla.suse.com/show_bug.cgi?id=1211693 * https://bugzilla.suse.com/show_bug.cgi?id=1211714 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 * https://bugzilla.suse.com/show_bug.cgi?id=1211804 * https://bugzilla.suse.com/show_bug.cgi?id=1211807 * https://bugzilla.suse.com/show_bug.cgi?id=1211808 * https://bugzilla.suse.com/show_bug.cgi?id=1211847 * https://bugzilla.suse.com/show_bug.cgi?id=1211855 * https://bugzilla.suse.com/show_bug.cgi?id=1211960 * https://jira.suse.com/browse/PED-3692 * https://jira.suse.com/browse/PED-4022 * https://jira.suse.com/browse/SLE-18375 * https://jira.suse.com/browse/SLE-18377 * https://jira.suse.com/browse/SLE-18378 * https://jira.suse.com/browse/SLE-18379 * https://jira.suse.com/browse/SLE-18383 * https://jira.suse.com/browse/SLE-18384 * https://jira.suse.com/browse/SLE-18385 * https://jira.suse.com/browse/SLE-18978 * https://jira.suse.com/browse/SLE-18992 * https://jira.suse.com/browse/SLE-19001 * https://jira.suse.com/browse/SLE-19255 * https://jira.suse.com/browse/SLE-19556 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:42 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:42 -0000 Subject: SUSE-SU-2023:2651-1: important: Security update for the Linux Kernel Message-ID: <168786904245.12882.14098956361009661308@smelt2.suse.de> # Security update for the Linux Kernel Announcement ID: SUSE-SU-2023:2651-1 Rating: important References: * #1172073 * #1184208 * #1191731 * #1199046 * #1204405 * #1205756 * #1205758 * #1205760 * #1205762 * #1205803 * #1206024 * #1208474 * #1208604 * #1209287 * #1209779 * #1210498 * #1210715 * #1210783 * #1210791 * #1210940 * #1211037 * #1211043 * #1211089 * #1211105 * #1211186 * #1211187 * #1211260 * #1211590 * #1211592 * #1211596 * #1211622 * #1211796 Cross-References: * CVE-2020-36694 * CVE-2021-29650 * CVE-2022-3566 * CVE-2022-4269 * CVE-2022-45884 * CVE-2022-45885 * CVE-2022-45886 * CVE-2022-45887 * CVE-2022-45919 * CVE-2023-1079 * CVE-2023-1380 * CVE-2023-1637 * CVE-2023-2124 * CVE-2023-2194 * CVE-2023-23586 * CVE-2023-2483 * CVE-2023-2513 * CVE-2023-31084 * CVE-2023-31436 * CVE-2023-32233 * CVE-2023-32269 * CVE-2023-33288 CVSS scores: * CVE-2020-36694 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2020-36694 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2021-29650 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2021-29650 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-3566 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4269 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-4269 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45884 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45885 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45885 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45886 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45886 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45887 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45887 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-45919 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-45919 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1079 ( NVD ): 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1380 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N * CVE-2023-1380 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2023-1637 ( SUSE ): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L * CVE-2023-1637 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2124 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2124 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2194 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L * CVE-2023-2194 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23586 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-23586 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2023-2483 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( SUSE ): 6.6 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-2513 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31084 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31084 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-32269 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32269 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33288 ( SUSE ): 4.8 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2023-33288 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Availability Extension 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 Business Critical Linux 15-SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Manager Proxy 4.1 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Server 4.1 An update that solves 22 vulnerabilities and has 10 fixes can now be installed. ## Description: The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). * CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). * CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). * CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). * CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). * CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). * CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). * CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). * CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). * CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). * CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). * CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb- core/dvb_frontend.c (bsc#1210783). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260). * CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). * CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). * CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). * CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). * CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). * CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). * CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). * CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). * CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). The following non-security bugs were fixed: * Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622). * Fix usrmerge error (boo#1211796) * ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). * kernel-binary: install expoline.o (boo#1210791 bsc#1211089) * kernel-source: Remove unused macro variant_symbols * kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). * rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB * rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) * scsi: storvsc: Parameterize number hardware queues (bsc#1211622). * usrmerge: Compatibility with earlier rpm (boo#1211796) ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Availability Extension 15 SP2 zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-2651=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2651=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2651=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2651=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2651=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2651=1 ## Package List: * SUSE Linux Enterprise High Availability Extension 15 SP2 (aarch64 ppc64le s390x x86_64) * cluster-md-kmp-default-5.3.18-150200.24.154.1 * gfs2-kmp-default-5.3.18-150200.24.154.1 * ocfs2-kmp-default-5.3.18-150200.24.154.1 * cluster-md-kmp-default-debuginfo-5.3.18-150200.24.154.1 * dlm-kmp-default-debuginfo-5.3.18-150200.24.154.1 * gfs2-kmp-default-debuginfo-5.3.18-150200.24.154.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * ocfs2-kmp-default-debuginfo-5.3.18-150200.24.154.1 * dlm-kmp-default-5.3.18-150200.24.154.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 * SUSE Linux Enterprise High Availability Extension 15 SP2 (nosrc) * kernel-default-5.3.18-150200.24.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.154.1 * kernel-default-5.3.18-150200.24.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.154.1 * kernel-preempt-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-syms-5.3.18-150200.24.154.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * kernel-obs-build-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-5.3.18-150200.24.154.1 * kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1 * kernel-preempt-devel-5.3.18-150200.24.154.1 * kernel-preempt-debuginfo-5.3.18-150200.24.154.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.154.1 * kernel-source-5.3.18-150200.24.154.1 * kernel-devel-5.3.18-150200.24.154.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.154.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64 nosrc) * kernel-default-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-5.3.18-150200.24.154.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-syms-5.3.18-150200.24.154.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * kernel-obs-build-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-5.3.18-150200.24.154.1 * kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1 * reiserfs-kmp-default-5.3.18-150200.24.154.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.154.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * kernel-macros-5.3.18-150200.24.154.1 * kernel-source-5.3.18-150200.24.154.1 * kernel-devel-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.154.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-preempt-devel-5.3.18-150200.24.154.1 * kernel-preempt-debugsource-5.3.18-150200.24.154.1 * kernel-preempt-debuginfo-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc ppc64le x86_64) * kernel-default-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * kernel-obs-build-5.3.18-150200.24.154.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-syms-5.3.18-150200.24.154.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * kernel-obs-build-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-5.3.18-150200.24.154.1 * kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1 * reiserfs-kmp-default-5.3.18-150200.24.154.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.154.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * kernel-macros-5.3.18-150200.24.154.1 * kernel-source-5.3.18-150200.24.154.1 * kernel-devel-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch nosrc) * kernel-docs-5.3.18-150200.24.154.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (nosrc x86_64) * kernel-preempt-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * kernel-preempt-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-preempt-devel-5.3.18-150200.24.154.1 * kernel-preempt-debugsource-5.3.18-150200.24.154.1 * kernel-preempt-debuginfo-5.3.18-150200.24.154.1 * SUSE Enterprise Storage 7 (aarch64 nosrc x86_64) * kernel-preempt-5.3.18-150200.24.154.1 * kernel-default-5.3.18-150200.24.154.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * kernel-obs-build-5.3.18-150200.24.154.1 * kernel-preempt-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-syms-5.3.18-150200.24.154.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * kernel-obs-build-debugsource-5.3.18-150200.24.154.1 * kernel-default-devel-5.3.18-150200.24.154.1 * kernel-default-base-5.3.18-150200.24.154.1.150200.9.75.1 * kernel-preempt-devel-5.3.18-150200.24.154.1 * kernel-preempt-debuginfo-5.3.18-150200.24.154.1 * reiserfs-kmp-default-5.3.18-150200.24.154.1 * reiserfs-kmp-default-debuginfo-5.3.18-150200.24.154.1 * kernel-preempt-devel-debuginfo-5.3.18-150200.24.154.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 * SUSE Enterprise Storage 7 (noarch) * kernel-macros-5.3.18-150200.24.154.1 * kernel-source-5.3.18-150200.24.154.1 * kernel-devel-5.3.18-150200.24.154.1 * SUSE Enterprise Storage 7 (noarch nosrc) * kernel-docs-5.3.18-150200.24.154.2 * SUSE Linux Enterprise Live Patching 15-SP2 (nosrc) * kernel-default-5.3.18-150200.24.154.1 * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_154-default-1-150200.5.3.1 * kernel-default-livepatch-devel-5.3.18-150200.24.154.1 * kernel-livepatch-5_3_18-150200_24_154-default-debuginfo-1-150200.5.3.1 * kernel-default-debuginfo-5.3.18-150200.24.154.1 * kernel-default-livepatch-5.3.18-150200.24.154.1 * kernel-livepatch-SLE15-SP2_Update_37-debugsource-1-150200.5.3.1 * kernel-default-debugsource-5.3.18-150200.24.154.1 ## References: * https://www.suse.com/security/cve/CVE-2020-36694.html * https://www.suse.com/security/cve/CVE-2021-29650.html * https://www.suse.com/security/cve/CVE-2022-3566.html * https://www.suse.com/security/cve/CVE-2022-4269.html * https://www.suse.com/security/cve/CVE-2022-45884.html * https://www.suse.com/security/cve/CVE-2022-45885.html * https://www.suse.com/security/cve/CVE-2022-45886.html * https://www.suse.com/security/cve/CVE-2022-45887.html * https://www.suse.com/security/cve/CVE-2022-45919.html * https://www.suse.com/security/cve/CVE-2023-1079.html * https://www.suse.com/security/cve/CVE-2023-1380.html * https://www.suse.com/security/cve/CVE-2023-1637.html * https://www.suse.com/security/cve/CVE-2023-2124.html * https://www.suse.com/security/cve/CVE-2023-2194.html * https://www.suse.com/security/cve/CVE-2023-23586.html * https://www.suse.com/security/cve/CVE-2023-2483.html * https://www.suse.com/security/cve/CVE-2023-2513.html * https://www.suse.com/security/cve/CVE-2023-31084.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://www.suse.com/security/cve/CVE-2023-32233.html * https://www.suse.com/security/cve/CVE-2023-32269.html * https://www.suse.com/security/cve/CVE-2023-33288.html * https://bugzilla.suse.com/show_bug.cgi?id=1172073 * https://bugzilla.suse.com/show_bug.cgi?id=1184208 * https://bugzilla.suse.com/show_bug.cgi?id=1191731 * https://bugzilla.suse.com/show_bug.cgi?id=1199046 * https://bugzilla.suse.com/show_bug.cgi?id=1204405 * https://bugzilla.suse.com/show_bug.cgi?id=1205756 * https://bugzilla.suse.com/show_bug.cgi?id=1205758 * https://bugzilla.suse.com/show_bug.cgi?id=1205760 * https://bugzilla.suse.com/show_bug.cgi?id=1205762 * https://bugzilla.suse.com/show_bug.cgi?id=1205803 * https://bugzilla.suse.com/show_bug.cgi?id=1206024 * https://bugzilla.suse.com/show_bug.cgi?id=1208474 * https://bugzilla.suse.com/show_bug.cgi?id=1208604 * https://bugzilla.suse.com/show_bug.cgi?id=1209287 * https://bugzilla.suse.com/show_bug.cgi?id=1209779 * https://bugzilla.suse.com/show_bug.cgi?id=1210498 * https://bugzilla.suse.com/show_bug.cgi?id=1210715 * https://bugzilla.suse.com/show_bug.cgi?id=1210783 * https://bugzilla.suse.com/show_bug.cgi?id=1210791 * https://bugzilla.suse.com/show_bug.cgi?id=1210940 * https://bugzilla.suse.com/show_bug.cgi?id=1211037 * https://bugzilla.suse.com/show_bug.cgi?id=1211043 * https://bugzilla.suse.com/show_bug.cgi?id=1211089 * https://bugzilla.suse.com/show_bug.cgi?id=1211105 * https://bugzilla.suse.com/show_bug.cgi?id=1211186 * https://bugzilla.suse.com/show_bug.cgi?id=1211187 * https://bugzilla.suse.com/show_bug.cgi?id=1211260 * https://bugzilla.suse.com/show_bug.cgi?id=1211590 * https://bugzilla.suse.com/show_bug.cgi?id=1211592 * https://bugzilla.suse.com/show_bug.cgi?id=1211596 * https://bugzilla.suse.com/show_bug.cgi?id=1211622 * https://bugzilla.suse.com/show_bug.cgi?id=1211796 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:44 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:44 -0000 Subject: SUSE-SU-2023:2656-1: important: Security update for amazon-ssm-agent Message-ID: <168786904468.12882.3909806642085503188@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:2656-1 Rating: important References: * #1206346 Affected Products: * Public Cloud Module 12 * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 12 zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-2656=1 ## Package List: * Public Cloud Module 12 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-4.31.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:49 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:49 -0000 Subject: SUSE-SU-2023:2655-1: important: Security update for nodejs16 Message-ID: <168786904957.12882.11306844954831441527@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:2655-1 Rating: important References: * #1211407 * #1211604 * #1211605 * #1211606 * #1211607 * #1212574 * #1212579 * #1212581 * #1212582 * #1212583 Cross-References: * CVE-2023-30581 * CVE-2023-30585 * CVE-2023-30588 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31124 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves nine vulnerabilities and has one fix can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism (bsc#1212574). * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). * CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). * CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). * CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). * CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). * CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). * CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: * Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-2655=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.1-8.30.1 * nodejs16-devel-16.20.1-8.30.1 * npm16-16.20.1-8.30.1 * nodejs16-debuginfo-16.20.1-8.30.1 * nodejs16-16.20.1-8.30.1 * Web and Scripting Module 12 (noarch) * nodejs16-docs-16.20.1-8.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30585.html * https://www.suse.com/security/cve/CVE-2023-30588.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1211407 * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212579 * https://bugzilla.suse.com/show_bug.cgi?id=1212581 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:52 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:52 -0000 Subject: SUSE-SU-2023:2654-1: important: Security update for kubernetes1.24 Message-ID: <168786905268.12882.16086000861221979722@smelt2.suse.de> # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2023:2654-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of kubernetes1.24 fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2654=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2654=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-1.24.13-150400.9.5.1 * kubernetes1.24-client-common-1.24.13-150400.9.5.1 * openSUSE Leap 15.4 (noarch) * kubernetes1.24-client-bash-completion-1.24.13-150400.9.5.1 * kubernetes1.24-client-fish-completion-1.24.13-150400.9.5.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-1.24.13-150400.9.5.1 * kubernetes1.24-client-common-1.24.13-150400.9.5.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:56 -0000 Subject: SUSE-SU-2023:2652-1: moderate: Security update for libvirt Message-ID: <168786905601.12882.4959244070847502289@smelt2.suse.de> # Security update for libvirt Announcement ID: SUSE-SU-2023:2652-1 Rating: moderate References: * #1209861 * #1210666 * #1211390 * #1211472 Cross-References: * CVE-2023-2700 CVSS scores: * CVE-2023-2700 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H * CVE-2023-2700 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability and has three fixes can now be installed. ## Description: This update for libvirt fixes the following issues: * CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList (bsc#1211390) * apparmor: Add support for local profile customizations (bsc#1211472) * qemu: Fix cdrom media change (bsc#1210666) * qemu: Fix potential crash during driver cleanup (bsc#1209861) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2652=1 SUSE-2023-2652=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2652=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2652=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.3.1 * libvirt-libs-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-network-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-qemu-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-lxc-9.0.0-150500.6.3.1 * libvirt-daemon-config-network-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-qemu-9.0.0-150500.6.3.1 * libvirt-libs-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-lxc-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.3.1 * libvirt-debugsource-9.0.0-150500.6.3.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.3.1 * libvirt-nss-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-debuginfo-9.0.0-150500.6.3.1 * wireshark-plugin-libvirt-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-config-nwfilter-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-gluster-9.0.0-150500.6.3.1 * libvirt-nss-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.3.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.3.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-9.0.0-150500.6.3.1 * libvirt-daemon-hooks-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-gluster-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.3.1 * libvirt-lock-sanlock-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.3.1 * wireshark-plugin-libvirt-9.0.0-150500.6.3.1 * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.3.1 * libvirt-daemon-lxc-9.0.0-150500.6.3.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.3.1 * libvirt-9.0.0-150500.6.3.1 * libvirt-daemon-9.0.0-150500.6.3.1 * libvirt-devel-9.0.0-150500.6.3.1 * openSUSE Leap 15.5 (x86_64) * libvirt-client-32bit-debuginfo-9.0.0-150500.6.3.1 * libvirt-devel-32bit-9.0.0-150500.6.3.1 * libvirt-daemon-xen-9.0.0-150500.6.3.1 * libvirt-daemon-driver-libxl-9.0.0-150500.6.3.1 * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.3.1 * openSUSE Leap 15.5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.3.1 * openSUSE Leap 15.5 (noarch) * libvirt-doc-9.0.0-150500.6.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libvirt-client-64bit-debuginfo-9.0.0-150500.6.3.1 * libvirt-devel-64bit-9.0.0-150500.6.3.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvirt-libs-9.0.0-150500.6.3.1 * libvirt-libs-debuginfo-9.0.0-150500.6.3.1 * libvirt-debugsource-9.0.0-150500.6.3.1 * Server Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libvirt-daemon-driver-storage-iscsi-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-direct-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-network-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-qemu-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nodedev-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nwfilter-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-secret-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-disk-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-config-network-9.0.0-150500.6.3.1 * libvirt-daemon-qemu-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-iscsi-direct-9.0.0-150500.6.3.1 * libvirt-debugsource-9.0.0-150500.6.3.1 * libvirt-daemon-driver-secret-9.0.0-150500.6.3.1 * libvirt-nss-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-qemu-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-mpath-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-config-nwfilter-9.0.0-150500.6.3.1 * libvirt-nss-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-core-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-qemu-9.0.0-150500.6.3.1 * libvirt-daemon-driver-interface-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-logical-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-core-9.0.0-150500.6.3.1 * libvirt-daemon-driver-interface-debuginfo-9.0.0-150500.6.3.1 * libvirt-client-9.0.0-150500.6.3.1 * libvirt-daemon-hooks-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-logical-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-mpath-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nwfilter-9.0.0-150500.6.3.1 * libvirt-lock-sanlock-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-scsi-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-disk-9.0.0-150500.6.3.1 * libvirt-lock-sanlock-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-scsi-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-nodedev-9.0.0-150500.6.3.1 * libvirt-daemon-driver-network-debuginfo-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-9.0.0-150500.6.3.1 * libvirt-9.0.0-150500.6.3.1 * libvirt-daemon-9.0.0-150500.6.3.1 * libvirt-devel-9.0.0-150500.6.3.1 * Server Applications Module 15-SP5 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-9.0.0-150500.6.3.1 * libvirt-daemon-driver-storage-rbd-debuginfo-9.0.0-150500.6.3.1 * Server Applications Module 15-SP5 (noarch) * libvirt-doc-9.0.0-150500.6.3.1 * Server Applications Module 15-SP5 (x86_64) * libvirt-daemon-xen-9.0.0-150500.6.3.1 * libvirt-daemon-driver-libxl-9.0.0-150500.6.3.1 * libvirt-daemon-driver-libxl-debuginfo-9.0.0-150500.6.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2700.html * https://bugzilla.suse.com/show_bug.cgi?id=1209861 * https://bugzilla.suse.com/show_bug.cgi?id=1210666 * https://bugzilla.suse.com/show_bug.cgi?id=1211390 * https://bugzilla.suse.com/show_bug.cgi?id=1211472 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:30:58 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:30:58 -0000 Subject: SUSE-SU-2023:2650-1: important: Security update for amazon-ssm-agent Message-ID: <168786905821.12882.12976792922984094387@smelt2.suse.de> # Security update for amazon-ssm-agent Announcement ID: SUSE-SU-2023:2650-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP1 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.0 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.0 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of amazon-ssm-agent fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2650=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2650=1 * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2650=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2650=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2650=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2650=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2650=1 ## Package List: * openSUSE Leap 15.4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * openSUSE Leap 15.5 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * Public Cloud Module 15-SP1 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * Public Cloud Module 15-SP2 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * Public Cloud Module 15-SP3 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * Public Cloud Module 15-SP4 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 * Public Cloud Module 15-SP5 (aarch64 x86_64) * amazon-ssm-agent-3.1.1260.0-150000.5.15.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 12:31:00 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 12:31:00 -0000 Subject: SUSE-RU-2023:2649-1: moderate: Recommended update for hwdata Message-ID: <168786906063.12882.17201038884995782617@smelt2.suse.de> # Recommended update for hwdata Announcement ID: SUSE-RU-2023:2649-1 Rating: moderate References: Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 * SUSE Linux Enterprise Desktop 15 SP1 * SUSE Linux Enterprise Desktop 15 SP2 * SUSE Linux Enterprise Desktop 15 SP3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP1 * SUSE Linux Enterprise Real Time 15 SP2 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Client Tools for SLE 15 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 An update that can now be installed. ## Description: This update for hwdata fixes the following issues: * update to 0.371: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2649=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2649=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2649=1 * SUSE Manager Client Tools for SLE 15 zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-2649=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2649=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2649=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2649=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2649=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2649=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2649=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2649=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2649=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2649=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2649=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2649=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2649=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2649=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2649=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2649=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2649=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2649=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2649=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2649=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2649=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2649=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2649=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2649=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2649=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2649=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * hwdata-0.371-150000.3.62.1 * openSUSE Leap 15.4 (noarch) * hwdata-0.371-150000.3.62.1 * openSUSE Leap 15.5 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Client Tools for SLE 15 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * hwdata-0.371-150000.3.62.1 * Basesystem Module 15-SP4 (noarch) * hwdata-0.371-150000.3.62.1 * Basesystem Module 15-SP5 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Proxy 4.2 Module 4.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Proxy 4.3 Module 4.3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Server 4.2 Module 4.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Server 4.3 Module 4.3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Proxy 4.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Retail Branch Server 4.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Manager Server 4.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Enterprise Storage 7.1 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Enterprise Storage 7 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro 5.2 (noarch) * hwdata-0.371-150000.3.62.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * hwdata-0.371-150000.3.62.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 16:30:03 -0000 Subject: SUSE-RU-2023:2658-1: moderate: Recommended update for containerd, docker, runc Message-ID: <168788340343.21570.15629717678480264501@smelt2.suse.de> # Recommended update for containerd, docker, runc Announcement ID: SUSE-RU-2023:2658-1 Rating: moderate References: * #1207004 * #1208074 * #1210298 * #1211578 Affected Products: * Containers Module 15-SP4 * Containers Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has four recommended fixes can now be installed. ## Description: This update for containerd, docker, runc fixes the following issues: * Update to containerd v1.6.21 (bsc#1211578) * Update to Docker 23.0.6-ce (bsc#1211578) * Update to runc v1.1.7 * Require a minimum Go version explicitly (bsc#1210298) * Re-unify packaging for SLE-12 and SLE-15 * Fix build on SLE-12 by switching back to libbtrfs-devel headers * Allow man pages to be built without internet access in OBS * Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux * Fix syntax of boolean dependency * Allow to install container-selinux instead of apparmor-parser * Change to using systemd-sysusers * Update runc.keyring to upstream version * Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2658=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2658=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2658=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2658=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2658=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2658=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2658=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2658=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2658=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2658=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2658=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2658=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2658=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2658=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * openSUSE Leap 15.4 (noarch) * docker-zsh-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 * docker-bash-completion-23.0.6_ce-150000.178.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * containerd-devel-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * openSUSE Leap 15.5 (noarch) * docker-zsh-completion-23.0.6_ce-150000.178.1 * docker-fish-completion-23.0.6_ce-150000.178.1 * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * containerd-devel-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * Containers Module 15-SP4 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * containerd-devel-1.6.21-150000.93.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-ctr-1.6.21-150000.93.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * Containers Module 15-SP5 (noarch) * docker-bash-completion-23.0.6_ce-150000.178.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * runc-debuginfo-1.1.7-150000.46.1 * runc-1.1.7-150000.46.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * runc-debuginfo-1.1.7-150000.46.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * docker-debuginfo-23.0.6_ce-150000.178.1 * runc-debuginfo-1.1.7-150000.46.1 * docker-23.0.6_ce-150000.178.1 * containerd-1.6.21-150000.93.1 * runc-1.1.7-150000.46.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1207004 * https://bugzilla.suse.com/show_bug.cgi?id=1208074 * https://bugzilla.suse.com/show_bug.cgi?id=1210298 * https://bugzilla.suse.com/show_bug.cgi?id=1211578 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 16:30:05 -0000 Subject: SUSE-RU-2023:2657-1: moderate: Recommended update for libcontainers-common Message-ID: <168788340530.21570.12191371033618863178@smelt2.suse.de> # Recommended update for libcontainers-common Announcement ID: SUSE-RU-2023:2657-1 Rating: moderate References: * #1211124 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * openSUSE Leap Micro 5.3 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for libcontainers-common fixes the following issues: * New subpackage libcontainers-sles-mounts which adds SLE-specific mounts on SLE systems (bsc#1211124) * Own /etc/containers/systemd and /usr/share/containers/systemd for podman quadlet * Remove container-storage-driver.sh to default to the overlay driver instead of btrfs ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2657=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2657=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2657=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2657=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2657=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2657=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2657=1 ## Package List: * openSUSE Leap Micro 5.3 (noarch) * libcontainers-common-20230214-150400.3.8.1 * openSUSE Leap 15.4 (noarch) * libcontainers-common-20230214-150400.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * libcontainers-common-20230214-150400.3.8.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * libcontainers-common-20230214-150400.3.8.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (noarch) * libcontainers-common-20230214-150400.3.8.1 * SUSE Linux Enterprise Micro 5.4 (noarch) * libcontainers-common-20230214-150400.3.8.1 * Basesystem Module 15-SP4 (noarch) * libcontainers-sles-mounts-20230214-150400.3.8.1 * libcontainers-common-20230214-150400.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211124 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:11 -0000 Subject: SUSE-SU-2023:2660-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Message-ID: <168789781152.13881.6427053415893460413@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2660-1 Rating: important References: * #1207189 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_102 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2660=1 SUSE-SLE-Live- Patching-12-SP4-2023-2659=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_102-default-11-2.3 * kgraft-patch-4_12_14-95_105-default-11-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:13 -0000 Subject: SUSE-SU-2023:2665-1: important: Security update for cosign Message-ID: <168789781353.13881.13118084930026097415@smelt2.suse.de> # Security update for cosign Announcement ID: SUSE-SU-2023:2665-1 Rating: important References: * #1206346 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of cosign fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2665=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2665=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2665=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2665=1 ## Package List: * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.11.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.11.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.11.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cosign-2.0.1-150400.3.11.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:15 -0000 Subject: SUSE-SU-2023:2664-1: important: Security update for kubernetes1.24 Message-ID: <168789781569.13881.5542273015093496983@smelt2.suse.de> # Security update for kubernetes1.24 Announcement ID: SUSE-SU-2023:2664-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one fix can now be installed. ## Description: This update of kubernetes1.24 fixes the following issues: * Update to version 1.24.15. * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2664=1 openSUSE-SLE-15.5-2023-2664=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2664=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-kubelet-1.24.15-150500.3.7.1 * kubernetes1.24-controller-manager-1.24.15-150500.3.7.1 * kubernetes1.24-apiserver-1.24.15-150500.3.7.1 * kubernetes1.24-proxy-1.24.15-150500.3.7.1 * kubernetes1.24-client-common-1.24.15-150500.3.7.1 * kubernetes1.24-kubeadm-1.24.15-150500.3.7.1 * kubernetes1.24-kubelet-common-1.24.15-150500.3.7.1 * kubernetes1.24-scheduler-1.24.15-150500.3.7.1 * kubernetes1.24-client-1.24.15-150500.3.7.1 * openSUSE Leap 15.5 (noarch) * kubernetes1.24-client-fish-completion-1.24.15-150500.3.7.1 * kubernetes1.24-client-bash-completion-1.24.15-150500.3.7.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.24-client-common-1.24.15-150500.3.7.1 * kubernetes1.24-client-1.24.15-150500.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:19 -0000 Subject: SUSE-SU-2023:2663-1: important: Security update for nodejs16 Message-ID: <168789781937.13881.8666094158810178101@smelt2.suse.de> # Security update for nodejs16 Announcement ID: SUSE-SU-2023:2663-1 Rating: important References: * #1211407 * #1211604 * #1211605 * #1211606 * #1211607 * #1212574 * #1212579 * #1212581 * #1212582 * #1212583 Cross-References: * CVE-2023-30581 * CVE-2023-30585 * CVE-2023-30588 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31124 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves nine vulnerabilities and has one fix can now be installed. ## Description: This update for nodejs16 fixes the following issues: Update to version 16.20.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism (bsc#1212574). * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). * CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). * CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). * CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). * CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). * CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). * CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: * Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2663=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2663=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * npm16-16.20.1-150400.3.21.1 * nodejs16-16.20.1-150400.3.21.1 * nodejs16-debugsource-16.20.1-150400.3.21.1 * nodejs16-devel-16.20.1-150400.3.21.1 * corepack16-16.20.1-150400.3.21.1 * nodejs16-debuginfo-16.20.1-150400.3.21.1 * openSUSE Leap 15.4 (noarch) * nodejs16-docs-16.20.1-150400.3.21.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * npm16-16.20.1-150400.3.21.1 * nodejs16-16.20.1-150400.3.21.1 * nodejs16-debugsource-16.20.1-150400.3.21.1 * nodejs16-devel-16.20.1-150400.3.21.1 * nodejs16-debuginfo-16.20.1-150400.3.21.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs16-docs-16.20.1-150400.3.21.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30585.html * https://www.suse.com/security/cve/CVE-2023-30588.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1211407 * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212579 * https://bugzilla.suse.com/show_bug.cgi?id=1212581 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:23 -0000 Subject: SUSE-SU-2023:2662-1: important: Security update for nodejs18 Message-ID: <168789782364.13881.5573302012969870474@smelt2.suse.de> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:2662-1 Rating: important References: * #1208744 * #1211407 * #1211604 * #1211605 * #1211606 * #1211607 * #1212574 * #1212579 * #1212581 * #1212582 * #1212583 Cross-References: * CVE-2022-25881 * CVE-2023-30581 * CVE-2023-30585 * CVE-2023-30588 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31124 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves 10 vulnerabilities and has one fix can now be installed. ## Description: This update for nodejs18 fixes the following issues: Update to version 18.16.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism (bsc#1212574). * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). * CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). * CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). * CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). * CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). * CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). * CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). * CVE-2022-25881: Fixed a Regular Expression Denial of Service (bsc#1208744). Bug fixes: * Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-2662=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.16.1-8.9.1 * nodejs18-18.16.1-8.9.1 * nodejs18-debuginfo-18.16.1-8.9.1 * nodejs18-devel-18.16.1-8.9.1 * npm18-18.16.1-8.9.1 * Web and Scripting Module 12 (noarch) * nodejs18-docs-18.16.1-8.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30585.html * https://www.suse.com/security/cve/CVE-2023-30588.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 * https://bugzilla.suse.com/show_bug.cgi?id=1211407 * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212579 * https://bugzilla.suse.com/show_bug.cgi?id=1212581 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Tue Jun 27 20:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 27 Jun 2023 20:30:25 -0000 Subject: SUSE-RU-2023:2661-1: moderate: Recommended update for gcc12 Message-ID: <168789782593.13881.28479739154718920@smelt2.suse.de> # Recommended update for gcc12 Announcement ID: SUSE-RU-2023:2661-1 Rating: moderate References: Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 * Toolchain Module 12 An update that can now be installed. ## Description: This update for gcc12 fixes the following issues: Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204, containing lots of bugfixes and improvements. * Speed up builds with --enable-link-serialization. * Update embedded newlib to version 4.2.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2661=1 * Toolchain Module 12 zypper in -t patch SUSE-SLE-Module-Toolchain-12-2023-2661=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2661=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2661=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2661=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2661=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2661=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2661=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2661=1 * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2661=1 ## Package List: * SUSE OpenStack Cloud Crowbar 9 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * Toolchain Module 12 (aarch64 ppc64le s390x x86_64) * gcc12-debugsource-12.3.0+git1204-1.8.1 * gcc12-fortran-12.3.0+git1204-1.8.1 * gcc12-12.3.0+git1204-1.8.1 * gcc12-fortran-debuginfo-12.3.0+git1204-1.8.1 * gcc12-locale-12.3.0+git1204-1.8.1 * cpp12-12.3.0+git1204-1.8.1 * gcc12-debuginfo-12.3.0+git1204-1.8.1 * gcc12-c++-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-devel-gcc12-12.3.0+git1204-1.8.1 * gcc12-c++-12.3.0+git1204-1.8.1 * gcc12-PIE-12.3.0+git1204-1.8.1 * cpp12-debuginfo-12.3.0+git1204-1.8.1 * Toolchain Module 12 (noarch) * gcc12-info-12.3.0+git1204-1.8.1 * Toolchain Module 12 (s390x x86_64) * libstdc++6-devel-gcc12-32bit-12.3.0+git1204-1.8.1 * gcc12-fortran-32bit-12.3.0+git1204-1.8.1 * gcc12-32bit-12.3.0+git1204-1.8.1 * gcc12-c++-32bit-12.3.0+git1204-1.8.1 * Toolchain Module 12 (x86_64) * cross-nvptx-newlib12-devel-12.3.0+git1204-1.8.1 * cross-nvptx-gcc12-debuginfo-12.3.0+git1204-1.8.1 * cross-nvptx-gcc12-12.3.0+git1204-1.8.1 * cross-nvptx-gcc12-debugsource-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * gcc12-debugsource-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * gcc12-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64) * libhwasan0-12.3.0+git1204-1.8.1 * libhwasan0-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64) * libhwasan0-12.3.0+git1204-1.8.1 * libhwasan0-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64) * libhwasan0-12.3.0+git1204-1.8.1 * libhwasan0-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64) * libhwasan0-12.3.0+git1204-1.8.1 * libhwasan0-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP5 (ppc64le x86_64) * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server 12 SP5 (x86_64) * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * SUSE OpenStack Cloud 9 (x86_64) * libitm1-32bit-12.3.0+git1204-1.8.1 * libgomp1-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-12.3.0+git1204-1.8.1 * libstdc++6-locale-12.3.0+git1204-1.8.1 * libatomic1-12.3.0+git1204-1.8.1 * libatomic1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-12.3.0+git1204-1.8.1 * libstdc++6-pp-12.3.0+git1204-1.8.1 * libtsan2-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-debuginfo-12.3.0+git1204-1.8.1 * libasan8-12.3.0+git1204-1.8.1 * libasan8-debuginfo-12.3.0+git1204-1.8.1 * libgfortran5-12.3.0+git1204-1.8.1 * libquadmath0-32bit-12.3.0+git1204-1.8.1 * liblsan0-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-32bit-debuginfo-12.3.0+git1204-1.8.1 * libubsan1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libgomp1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-12.3.0+git1204-1.8.1 * libgcc_s1-12.3.0+git1204-1.8.1 * libatomic1-32bit-12.3.0+git1204-1.8.1 * libquadmath0-12.3.0+git1204-1.8.1 * libgfortran5-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-debuginfo-12.3.0+git1204-1.8.1 * libobjc4-12.3.0+git1204-1.8.1 * libatomic1-debuginfo-12.3.0+git1204-1.8.1 * libasan8-32bit-12.3.0+git1204-1.8.1 * libobjc4-32bit-12.3.0+git1204-1.8.1 * libgomp1-12.3.0+git1204-1.8.1 * libasan8-32bit-debuginfo-12.3.0+git1204-1.8.1 * liblsan0-12.3.0+git1204-1.8.1 * libstdc++6-pp-32bit-12.3.0+git1204-1.8.1 * libitm1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-debuginfo-12.3.0+git1204-1.8.1 * libquadmath0-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-12.3.0+git1204-1.8.1 * libubsan1-32bit-12.3.0+git1204-1.8.1 * libgfortran5-32bit-debuginfo-12.3.0+git1204-1.8.1 * libstdc++6-debuginfo-12.3.0+git1204-1.8.1 * libgcc_s1-32bit-debuginfo-12.3.0+git1204-1.8.1 * libitm1-12.3.0+git1204-1.8.1 * libtsan2-12.3.0+git1204-1.8.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 07:04:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:04:18 +0200 (CEST) Subject: SUSE-CU-2023:2153-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230628070418.28148FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2153-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.157 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.157 Severity : moderate Type : security References : 1210996 1211256 1211257 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). The following package changes have been done: - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Wed Jun 28 07:05:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:05:02 +0200 (CEST) Subject: SUSE-CU-2023:2155-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230628070502.3A5C2FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2155-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.54 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.54 Severity : moderate Type : security References : 1210996 1211256 1211257 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). The following package changes have been done: - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Wed Jun 28 07:07:36 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:07:36 +0200 (CEST) Subject: SUSE-CU-2023:2156-1: Recommended update of suse/sle15 Message-ID: <20230628070736.CEF9EFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2156-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.784 Container Release : 6.2.784 Severity : moderate Type : recommended References : 1211261 1212187 1212222 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2644-1 Released: Tue Jun 27 09:23:49 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1211261,1212187,1212222 This update for libzypp, zypper fixes the following issues: libzypp was updated to version 17.31.14 (22): - build: honor libproxy.pc's includedir (bsc#1212222) - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) The following package changes have been done: - libzypp-17.31.14-150100.3.112.1 updated - zypper-1.14.61-150100.3.79.1 updated From sle-updates at lists.suse.com Wed Jun 28 07:08:32 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:08:32 +0200 (CEST) Subject: SUSE-CU-2023:2157-1: Security update of bci/bci-init Message-ID: <20230628070832.71AFBFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2157-1 Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.29.3 Container Release : 29.3 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.42.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - container:sles15-image-15.0.0-27.14.72 updated From sle-updates at lists.suse.com Wed Jun 28 07:09:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:09:33 +0200 (CEST) Subject: SUSE-CU-2023:2158-1: Security update of suse/pcp Message-ID: <20230628070933.B67B2FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2158-1 Container Tags : suse/pcp:5 , suse/pcp:5-17.15 , suse/pcp:5.2 , suse/pcp:5.2-17.15 , suse/pcp:5.2.5 , suse/pcp:5.2.5-17.15 Container Release : 17.15 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.42.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - container:bci-bci-init-15.4-15.4-29.3 updated From sle-updates at lists.suse.com Wed Jun 28 07:09:40 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:09:40 +0200 (CEST) Subject: SUSE-CU-2023:2159-1: Security update of suse/postgres Message-ID: <20230628070940.0E7FCFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2159-1 Container Tags : suse/postgres:14 , suse/postgres:14-22.10 , suse/postgres:14.8 , suse/postgres:14.8-22.10 Container Release : 22.10 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.42.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - container:sles15-image-15.0.0-27.14.72 updated From sle-updates at lists.suse.com Wed Jun 28 07:10:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:10:19 +0200 (CEST) Subject: SUSE-CU-2023:2160-1: Security update of suse/sle15 Message-ID: <20230628071019.617A9FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2160-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.72 , suse/sle15:15.4 , suse/sle15:15.4.27.14.72 Container Release : 27.14.72 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - libopenssl1_1-1.1.1l-150400.7.42.1 updated - openssl-1_1-1.1.1l-150400.7.42.1 updated From sle-updates at lists.suse.com Wed Jun 28 07:12:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:12:09 +0200 (CEST) Subject: SUSE-CU-2023:2188-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230628071209.6C290FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2188-1 Container Tags : suse/sle-micro/5.1/toolbox:12.1 , suse/sle-micro/5.1/toolbox:12.1-2.2.416 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.416 Severity : moderate Type : security References : 1210996 1211256 1211257 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). The following package changes have been done: - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Wed Jun 28 07:12:41 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 09:12:41 +0200 (CEST) Subject: SUSE-CU-2023:2189-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230628071241.0FDEBFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2189-1 Container Tags : suse/sle-micro/5.2/toolbox:12.1 , suse/sle-micro/5.2/toolbox:12.1-6.2.238 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.238 Severity : moderate Type : security References : 1210996 1211256 1211257 CVE-2023-2426 CVE-2023-2609 CVE-2023-2610 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). The following package changes have been done: - vim-data-common-9.0.1572-150000.5.46.1 updated - vim-9.0.1572-150000.5.46.1 updated - xxd-9.0.1443-150000.5.43.1 removed From sle-updates at lists.suse.com Wed Jun 28 11:42:46 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 11:42:46 -0000 Subject: SUSE-SU-2023:2666-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP4) Message-ID: <168795256630.6420.16890327713523245274@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2666-1 Rating: important References: * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_120 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2666=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_120-default-4-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 11:42:50 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 11:42:50 -0000 Subject: SUSE-SU-2023:2669-1: important: Security update for nodejs18 Message-ID: <168795257057.6420.7096483968544445609@smelt2.suse.de> # Security update for nodejs18 Announcement ID: SUSE-SU-2023:2669-1 Rating: important References: * #1208744 * #1211407 * #1211604 * #1211605 * #1211606 * #1211607 * #1212574 * #1212579 * #1212581 * #1212582 * #1212583 Cross-References: * CVE-2022-25881 * CVE-2023-30581 * CVE-2023-30585 * CVE-2023-30588 * CVE-2023-30589 * CVE-2023-30590 * CVE-2023-31124 * CVE-2023-31130 * CVE-2023-31147 * CVE-2023-32067 CVSS scores: * CVE-2022-25881 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-25881 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31124 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31124 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-31130 ( NVD ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31147 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-31147 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-32067 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-32067 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves 10 vulnerabilities and has one fix can now be installed. ## Description: This update for nodejs18 fixes the following issues: Update to version 18.16.1: * CVE-2023-30581: Fixed mainModule. **proto** Bypass Experimental Policy Mechanism (bsc#1212574). * CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). * CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). * CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). * CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). * CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). * CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). * CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). * CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). * CVE-2022-25881: Fixed a Regular Expression Denial of Service (bsc#1208744). Bug fixes: * Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2669=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2669=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2669=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-2669=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.16.1-150400.9.9.1 * npm18-18.16.1-150400.9.9.1 * nodejs18-devel-18.16.1-150400.9.9.1 * corepack18-18.16.1-150400.9.9.1 * nodejs18-debuginfo-18.16.1-150400.9.9.1 * nodejs18-18.16.1-150400.9.9.1 * openSUSE Leap 15.4 (noarch) * nodejs18-docs-18.16.1-150400.9.9.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.16.1-150400.9.9.1 * npm18-18.16.1-150400.9.9.1 * nodejs18-devel-18.16.1-150400.9.9.1 * corepack18-18.16.1-150400.9.9.1 * nodejs18-debuginfo-18.16.1-150400.9.9.1 * nodejs18-18.16.1-150400.9.9.1 * openSUSE Leap 15.5 (noarch) * nodejs18-docs-18.16.1-150400.9.9.1 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.16.1-150400.9.9.1 * npm18-18.16.1-150400.9.9.1 * nodejs18-devel-18.16.1-150400.9.9.1 * nodejs18-debuginfo-18.16.1-150400.9.9.1 * nodejs18-18.16.1-150400.9.9.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs18-docs-18.16.1-150400.9.9.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nodejs18-debugsource-18.16.1-150400.9.9.1 * npm18-18.16.1-150400.9.9.1 * nodejs18-devel-18.16.1-150400.9.9.1 * nodejs18-debuginfo-18.16.1-150400.9.9.1 * nodejs18-18.16.1-150400.9.9.1 * Web and Scripting Module 15-SP5 (noarch) * nodejs18-docs-18.16.1-150400.9.9.1 ## References: * https://www.suse.com/security/cve/CVE-2022-25881.html * https://www.suse.com/security/cve/CVE-2023-30581.html * https://www.suse.com/security/cve/CVE-2023-30585.html * https://www.suse.com/security/cve/CVE-2023-30588.html * https://www.suse.com/security/cve/CVE-2023-30589.html * https://www.suse.com/security/cve/CVE-2023-30590.html * https://www.suse.com/security/cve/CVE-2023-31124.html * https://www.suse.com/security/cve/CVE-2023-31130.html * https://www.suse.com/security/cve/CVE-2023-31147.html * https://www.suse.com/security/cve/CVE-2023-32067.html * https://bugzilla.suse.com/show_bug.cgi?id=1208744 * https://bugzilla.suse.com/show_bug.cgi?id=1211407 * https://bugzilla.suse.com/show_bug.cgi?id=1211604 * https://bugzilla.suse.com/show_bug.cgi?id=1211605 * https://bugzilla.suse.com/show_bug.cgi?id=1211606 * https://bugzilla.suse.com/show_bug.cgi?id=1211607 * https://bugzilla.suse.com/show_bug.cgi?id=1212574 * https://bugzilla.suse.com/show_bug.cgi?id=1212579 * https://bugzilla.suse.com/show_bug.cgi?id=1212581 * https://bugzilla.suse.com/show_bug.cgi?id=1212582 * https://bugzilla.suse.com/show_bug.cgi?id=1212583 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 11:42:53 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 11:42:53 -0000 Subject: SUSE-SU-2023:2668-1: moderate: Security update for sqlite3 Message-ID: <168795257312.6420.18168920516233395460@smelt2.suse.de> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:2668-1 Rating: moderate References: * #1206337 Cross-References: * CVE-2022-46908 CVSS scores: * CVE-2022-46908 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2022-46908 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE OpenStack Cloud 9 * SUSE OpenStack Cloud Crowbar 9 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE OpenStack Cloud 9 zypper in -t patch SUSE-OpenStack-Cloud-9-2023-2668=1 * SUSE OpenStack Cloud Crowbar 9 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-2668=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2668=1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-2668=1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-ESPOS-2023-2668=1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-2668=1 ## Package List: * SUSE OpenStack Cloud 9 (x86_64) * sqlite3-devel-3.39.3-9.26.1 * libsqlite3-0-32bit-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE OpenStack Cloud Crowbar 9 (x86_64) * sqlite3-devel-3.39.3-9.26.1 * libsqlite3-0-32bit-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * sqlite3-devel-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (x86_64) * libsqlite3-0-32bit-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 * SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (x86_64) * sqlite3-devel-3.39.3-9.26.1 * libsqlite3-0-32bit-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (aarch64 x86_64) * sqlite3-devel-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (x86_64) * libsqlite3-0-32bit-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (aarch64 ppc64le s390x x86_64) * sqlite3-devel-3.39.3-9.26.1 * sqlite3-3.39.3-9.26.1 * sqlite3-debuginfo-3.39.3-9.26.1 * libsqlite3-0-3.39.3-9.26.1 * sqlite3-debugsource-3.39.3-9.26.1 * sqlite3-tcl-3.39.3-9.26.1 * libsqlite3-0-debuginfo-3.39.3-9.26.1 * SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (s390x x86_64) * libsqlite3-0-32bit-3.39.3-9.26.1 * libsqlite3-0-debuginfo-32bit-3.39.3-9.26.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 11:42:56 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 11:42:56 -0000 Subject: SUSE-SU-2023:2667-1: important: Security update for bind Message-ID: <168795257635.6420.8159267882466120350@smelt2.suse.de> # Security update for bind Announcement ID: SUSE-SU-2023:2667-1 Rating: important References: * #1212544 * #1212567 Cross-References: * CVE-2023-2828 * CVE-2023-2911 CVSS scores: * CVE-2023-2828 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2828 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2911 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-2911 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * Server Applications Module 15-SP4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves two vulnerabilities and contains one feature can now be installed. ## Description: This update for bind fixes the following issues: Update to release 9.16.42 Security Fixes: * The overmem cleaning process has been improved, to prevent the cache from significantly exceeding the configured max-cache-size limit. (CVE-2023-2828) * A query that prioritizes stale data over lookup triggers a fetch to refresh the stale data in cache. If the fetch is aborted for exceeding the recursion quota, it was possible for named to enter an infinite callback loop and crash due to stack overflow. This has been fixed. (CVE-2023-2911) Bug Fixes: * Previously, it was possible for a delegation from cache to be returned to the client after the stale-answer-client-timeout duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600] Update to release 9.16.41 Bug Fixes: * When removing delegations from an opt-out range, empty-non-terminal NSEC3 records generated by those delegations were not cleaned up. This has been fixed. [jsc#SLE-24600] Update to release 9.16.40 Bug Fixes: * Logfiles using timestamp-style suffixes were not always correctly removed when the number of files exceeded the limit set by versions. This has been fixed for configurations which do not explicitly specify a directory path as part of the file argument in the channel specification. * Performance of DNSSEC validation in zones with many DNSKEY records has been improved. Update to release 9.16.39 Feature Changes: * libuv support for receiving multiple UDP messages in a single recvmmsg() system call has been tweaked several times between libuv versions 1.35.0 and 1.40.0; the current recommended libuv version is 1.40.0 or higher. New rules are now in effect for running with a different version of libuv than the one used at compilation time. These rules may trigger a fatal error at startup: * Building against or running with libuv versions 1.35.0 and 1.36.0 is now a fatal error. * Running with libuv version higher than 1.34.2 is now a fatal error when named is built against libuv version 1.34.2 or lower. * Running with libuv version higher than 1.39.0 is now a fatal error when named is built against libuv version 1.37.0, 1.38.0, 1.38.1, or 1.39.0. * This prevents the use of libuv versions that may trigger an assertion failure when receiving multiple UDP messages in a single system call. Bug Fixes: * named could crash with an assertion failure when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone. This has been fixed. * When named starts up, it sends a query for the DNSSEC key for each configured trust anchor to determine whether the key has changed. In some unusual cases, the query might depend on a zone for which the server is itself authoritative, and would have failed if it were sent before the zone was fully loaded. This has now been fixed by delaying the key queries until all zones have finished loading. [jsc#SLE-24600] ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2667=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2667=1 * Server Applications Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-2667=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * bind-9.16.42-150400.5.27.1 * bind-utils-debuginfo-9.16.42-150400.5.27.1 * bind-debuginfo-9.16.42-150400.5.27.1 * bind-debugsource-9.16.42-150400.5.27.1 * bind-utils-9.16.42-150400.5.27.1 * openSUSE Leap 15.4 (noarch) * bind-doc-9.16.42-150400.5.27.1 * python3-bind-9.16.42-150400.5.27.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bind-debugsource-9.16.42-150400.5.27.1 * bind-debuginfo-9.16.42-150400.5.27.1 * bind-utils-9.16.42-150400.5.27.1 * bind-utils-debuginfo-9.16.42-150400.5.27.1 * Basesystem Module 15-SP4 (noarch) * python3-bind-9.16.42-150400.5.27.1 * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64) * bind-debugsource-9.16.42-150400.5.27.1 * bind-9.16.42-150400.5.27.1 * bind-debuginfo-9.16.42-150400.5.27.1 * Server Applications Module 15-SP4 (noarch) * bind-doc-9.16.42-150400.5.27.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2828.html * https://www.suse.com/security/cve/CVE-2023-2911.html * https://bugzilla.suse.com/show_bug.cgi?id=1212544 * https://bugzilla.suse.com/show_bug.cgi?id=1212567 * https://jira.suse.com/browse/SLE-24600 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 12:40:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 12:40:15 -0000 Subject: SUSE-SU-2023:2681-1: important: Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Message-ID: <168795601551.27919.13993030237725291917@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 37 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2681-1 Rating: important References: * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_134 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2681=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_134-default-5-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 12:40:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 12:40:18 -0000 Subject: SUSE-SU-2023:2680-1: important: Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP4) Message-ID: <168795601819.27919.8068472779567411881@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 2 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2680-1 Rating: important References: * #1207189 * #1210452 * #1210989 Cross-References: * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_8 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2680=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-6-150400.2.2 * kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-6-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 12:40:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 12:40:21 -0000 Subject: SUSE-SU-2023:2679-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) Message-ID: <168795602102.27919.9434192094453442184@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2679-1 Rating: important References: * #1207189 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_131 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2679=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_131-default-6-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2694-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Message-ID: <168796980358.14348.11602751400185278945@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2694-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2694=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_126-default-12-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_29-debugsource-12-150200.2.2 * kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-12-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:05 -0000 Subject: SUSE-SU-2023:2690-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP4) Message-ID: <168796980590.14348.6768156297589467579@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2690-1 Rating: important References: * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_117 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2690=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_117-default-5-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2689-1: important: Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP5) Message-ID: <168796980875.14348.10803758931877999798@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2689-1 Rating: important References: * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_153 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2689=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_153-default-3-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2687-1: important: Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Message-ID: <168796981088.14348.1679485365287767406@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP1) Announcement ID: SUSE-SU-2023:2687-1 Rating: important References: * #1210452 * #1210989 Cross-References: * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-150100_197_145 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2687=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_145-default-3-150100.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:13 -0000 Subject: SUSE-SU-2023:2686-1: important: Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5) Message-ID: <168796981382.14348.5547288051203682587@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2686-1 Rating: important References: * #1207189 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_144 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2686=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_144-default-6-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:15 -0000 Subject: SUSE-SU-2023:2693-1: moderate: Security update for python-sqlparse Message-ID: <168796981588.14348.8740889343161427658@smelt2.suse.de> # Security update for python-sqlparse Announcement ID: SUSE-SU-2023:2693-1 Rating: moderate References: * #1210617 Cross-References: * CVE-2023-30608 CVSS scores: * CVE-2023-30608 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-30608 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * HPE Helion OpenStack 8 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise Server 12 SP3 * SUSE OpenStack Cloud 8 * SUSE OpenStack Cloud Crowbar 8 An update that solves one vulnerability can now be installed. ## Description: This update for python-sqlparse fixes the following issues: * CVE-2023-30608: Fixed a regular rexpression that is vulnerable to ReDOS (bsc#1210617). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPE Helion OpenStack 8 zypper in -t patch HPE-Helion-OpenStack-8-2023-2693=1 * SUSE OpenStack Cloud 8 zypper in -t patch SUSE-OpenStack-Cloud-8-2023-2693=1 * SUSE OpenStack Cloud Crowbar 8 zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-2693=1 ## Package List: * HPE Helion OpenStack 8 (noarch) * python-sqlparse-0.2.3-3.3.1 * SUSE OpenStack Cloud 8 (noarch) * python-sqlparse-0.2.3-3.3.1 * SUSE OpenStack Cloud Crowbar 8 (noarch) * python-sqlparse-0.2.3-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-30608.html * https://bugzilla.suse.com/show_bug.cgi?id=1210617 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:17 -0000 Subject: SUSE-SU-2023:2692-1: moderate: Security update for iniparser Message-ID: <168796981785.14348.17131796559213798771@smelt2.suse.de> # Security update for iniparser Announcement ID: SUSE-SU-2023:2692-1 Rating: moderate References: * #1211889 Cross-References: * CVE-2023-33461 CVSS scores: * CVE-2023-33461 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-33461 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Software Development Kit 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for iniparser fixes the following issues: * CVE-2023-33461: Fixed NULL pointer dereference in iniparser_getboolean() (bsc#1211889). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-2692=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2692=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2692=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-2692=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * iniparser-debugsource-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser-devel-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * iniparser-debugsource-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * libiniparser0-32bit-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-32bit-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * iniparser-debugsource-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * libiniparser0-32bit-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-32bit-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * iniparser-debugsource-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-3.1.0.git20140619_c5beb80a-3.3.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * libiniparser0-32bit-3.1.0.git20140619_c5beb80a-3.3.1 * libiniparser0-debuginfo-32bit-3.1.0.git20140619_c5beb80a-3.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33461.html * https://bugzilla.suse.com/show_bug.cgi?id=1211889 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:19 -0000 Subject: SUSE-SU-2023:2691-1: low: Security update for kubernetes1.23 Message-ID: <168796981983.14348.12857613393876429225@smelt2.suse.de> # Security update for kubernetes1.23 Announcement ID: SUSE-SU-2023:2691-1 Rating: low References: * #1212493 Cross-References: * CVE-2023-2431 CVSS scores: * CVE-2023-2431 ( SUSE ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2023-2431 ( NVD ): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N Affected Products: * Containers Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for kubernetes1.23 fixes the following issues: * CVE-2023-2431: Fixed a bypass issue of seccomp profile enforcement (bsc#1212493). ## Patch Instructions: To install this SUSE Low update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2691=1 openSUSE-SLE-15.5-2023-2691=1 * Containers Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Containers-15-SP5-2023-2691=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-scheduler-1.23.17-150500.3.6.1 * kubernetes1.23-kubelet-1.23.17-150500.3.6.1 * kubernetes1.23-client-1.23.17-150500.3.6.1 * kubernetes1.23-apiserver-1.23.17-150500.3.6.1 * kubernetes1.23-client-common-1.23.17-150500.3.6.1 * kubernetes1.23-controller-manager-1.23.17-150500.3.6.1 * kubernetes1.23-kubeadm-1.23.17-150500.3.6.1 * kubernetes1.23-proxy-1.23.17-150500.3.6.1 * kubernetes1.23-kubelet-common-1.23.17-150500.3.6.1 * openSUSE Leap 15.5 (noarch) * kubernetes1.23-client-bash-completion-1.23.17-150500.3.6.1 * kubernetes1.23-client-fish-completion-1.23.17-150500.3.6.1 * openSUSE Leap 15.5 (ppc64le) * kubernetes1.23-kubelet-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-scheduler-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-proxy-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-client-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-apiserver-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-controller-manager-debuginfo-1.23.17-150500.3.6.1 * kubernetes1.23-kubeadm-debuginfo-1.23.17-150500.3.6.1 * Containers Module 15-SP5 (aarch64 ppc64le s390x x86_64) * kubernetes1.23-client-1.23.17-150500.3.6.1 * kubernetes1.23-client-common-1.23.17-150500.3.6.1 * Containers Module 15-SP5 (ppc64le) * kubernetes1.23-client-debuginfo-1.23.17-150500.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2023-2431.html * https://bugzilla.suse.com/show_bug.cgi?id=1212493 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 16:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 16:30:21 -0000 Subject: SUSE-SU-2023:2688-1: critical: Security update for python-reportlab Message-ID: <168796982187.14348.17453851164725721535@smelt2.suse.de> # Security update for python-reportlab Announcement ID: SUSE-SU-2023:2688-1 Rating: critical References: * #1212065 * #1212527 Cross-References: * CVE-2023-33733 CVSS scores: * CVE-2023-33733 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2023-33733 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 An update that solves one vulnerability and has one fix can now be installed. ## Description: This update for python-reportlab fixes the following issues: * CVE-2023-33733: Fixed arbitrary code execution via supplying a crafted PDF file (bsc#1212065). Bug fixes: * Add fix_failing_tests.patch to make some tests not failing (bsc#1212527). ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-2688=1 ## Package List: * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * python-reportlab-2.7-3.13.1 * python-reportlab-debugsource-2.7-3.13.1 * python-reportlab-debuginfo-2.7-3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33733.html * https://bugzilla.suse.com/show_bug.cgi?id=1212065 * https://bugzilla.suse.com/show_bug.cgi?id=1212527 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 20:30:02 -0000 Subject: SUSE-SU-2023:2700-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Message-ID: <168798420281.31725.1008926595203793543@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2700-1 Rating: important References: * #1210989 Cross-References: * CVE-2023-31436 CVSS scores: * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_148 fixes one issue. The following security issue was fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2700=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_148-default-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_148-default-debuginfo-3-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_35-debugsource-3-150200.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 20:30:05 -0000 Subject: SUSE-SU-2023:2698-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Message-ID: <168798420572.31725.4509646873187506486@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2698-1 Rating: important References: * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_142 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2698=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-2699=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_34-debugsource-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_142-default-5-150200.2.2 * kernel-livepatch-5_3_18-150200_24_145-default-4-150200.2.1 * kernel-livepatch-5_3_18-150200_24_142-default-debuginfo-5-150200.2.2 * kernel-livepatch-5_3_18-150200_24_145-default-debuginfo-4-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_33-debugsource-5-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 20:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 20:30:09 -0000 Subject: SUSE-SU-2023:2697-1: important: Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Message-ID: <168798420920.31725.13329446013942651712@smelt2.suse.de> # Security update for the Linux Kernel RT (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2697-1 Rating: important References: * #1210452 * #1210989 Cross-References: * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_15_11 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2697=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * kernel-livepatch-5_14_21-150400_15_11-rt-5-150400.2.2 * kernel-livepatch-SLE15-SP4-RT_Update_3-debugsource-5-150400.2.2 * kernel-livepatch-5_14_21-150400_15_11-rt-debuginfo-5-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Wed Jun 28 20:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 28 Jun 2023 20:30:12 -0000 Subject: SUSE-SU-2023:2695-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Message-ID: <168798421251.31725.15927148778713488628@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2695-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_129 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2695=1 SUSE-SLE- Module-Live-Patching-15-SP2-2023-2696=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP2_Update_30-debugsource-9-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_31-debugsource-9-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-debuginfo-9-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-9-150200.2.2 * kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-9-150200.2.2 * kernel-livepatch-5_3_18-150200_24_134-default-9-150200.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 07:03:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:03:09 +0200 (CEST) Subject: SUSE-CU-2023:2190-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230629070309.DBF41FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2190-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.159 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.159 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - libopenssl1_1-1.1.1l-150400.7.42.1 updated - openssl-1_1-1.1.1l-150400.7.42.1 updated - container:sles15-image-15.0.0-27.14.72 updated From sle-updates at lists.suse.com Thu Jun 29 07:03:34 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:03:34 +0200 (CEST) Subject: SUSE-CU-2023:2191-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230629070334.71D03FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2191-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-4.2.56 , suse/sle-micro/5.4/toolbox:latest Container Release : 4.2.56 Severity : moderate Type : security References : 1201627 1207534 CVE-2022-4304 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2648-1 Released: Tue Jun 27 09:52:35 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,CVE-2022-4304 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - Update further expiring certificates that affect the testsuite (bsc#1201627). The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.42.1 updated - libopenssl1_1-1.1.1l-150400.7.42.1 updated - openssl-1_1-1.1.1l-150400.7.42.1 updated - container:sles15-image-15.0.0-27.14.72 updated From sle-updates at lists.suse.com Thu Jun 29 07:06:27 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:06:27 +0200 (CEST) Subject: SUSE-CU-2023:2192-1: Recommended update of suse/sles12sp4 Message-ID: <20230629070627.D34CFFF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2192-1 Container Tags : suse/sles12sp4:26.619 , suse/sles12sp4:latest Container Release : 26.619 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2661-1 Released: Tue Jun 27 20:26:07 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204, containing lots of bugfixes and improvements. - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - base-container-licenses-3.0-1.357 updated - container-suseconnect-2.0.0-1.239 updated - libgcc_s1-12.3.0+git1204-1.8.1 updated - libstdc++6-12.3.0+git1204-1.8.1 updated From sle-updates at lists.suse.com Thu Jun 29 07:08:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:08:33 +0200 (CEST) Subject: SUSE-CU-2023:2193-1: Recommended update of suse/sles12sp5 Message-ID: <20230629070833.33BA4FF4A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2193-1 Container Tags : suse/sles12sp5:6.5.483 , suse/sles12sp5:latest Container Release : 6.5.483 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2661-1 Released: Tue Jun 27 20:26:07 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204, containing lots of bugfixes and improvements. - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 The following package changes have been done: - libgcc_s1-12.3.0+git1204-1.8.1 updated - libstdc++6-12.3.0+git1204-1.8.1 updated From sle-updates at lists.suse.com Thu Jun 29 07:09:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:09:22 +0200 (CEST) Subject: SUSE-CU-2023:2196-1: Security update of bci/nodejs Message-ID: <20230629070922.0E27CFF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2196-1 Container Tags : bci/node:16 , bci/node:16-8.2 , bci/nodejs:16 , bci/nodejs:16-8.2 Container Release : 8.2 Severity : important Type : security References : 1211407 1211604 1211605 1211606 1211607 1212574 1212579 1212581 1212582 1212583 CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2663-1 Released: Tue Jun 27 20:27:00 2023 Summary: Security update for nodejs16 Type: security Severity: important References: 1211407,1211604,1211605,1211606,1211607,1212574,1212579,1212581,1212582,1212583,CVE-2023-30581,CVE-2023-30585,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for nodejs16 fixes the following issues: Update to version 16.20.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). - CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). - CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). - CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). - CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). - CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). - CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). Bug fixes: - Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) The following package changes have been done: - nodejs16-16.20.1-150400.3.21.1 updated - npm16-16.20.1-150400.3.21.1 updated From sle-updates at lists.suse.com Thu Jun 29 07:09:26 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 09:09:26 +0200 (CEST) Subject: SUSE-CU-2023:2197-1: Security update of bci/nodejs Message-ID: <20230629070926.4F8E3FF4A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:2197-1 Container Tags : bci/node:18 , bci/node:18-7.2 , bci/nodejs:18 , bci/nodejs:18-7.2 Container Release : 7.2 Severity : important Type : security References : 1208744 1211407 1211604 1211605 1211606 1211607 1212574 1212579 1212581 1212582 1212583 CVE-2022-25881 CVE-2023-30581 CVE-2023-30585 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590 CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2669-1 Released: Wed Jun 28 09:24:41 2023 Summary: Security update for nodejs18 Type: security Severity: important References: 1208744,1211407,1211604,1211605,1211606,1211607,1212574,1212579,1212581,1212582,1212583,CVE-2022-25881,CVE-2023-30581,CVE-2023-30585,CVE-2023-30588,CVE-2023-30589,CVE-2023-30590,CVE-2023-31124,CVE-2023-31130,CVE-2023-31147,CVE-2023-32067 This update for nodejs18 fixes the following issues: Update to version 18.16.1: - CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574). - CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579). - CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581). - CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582). - CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583). - CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607). - CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606). - CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605). - CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604). - CVE-2022-25881: Fixed a Regular Expression Denial of Service (bsc#1208744). Bug fixes: - Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407) The following package changes have been done: - nodejs18-18.16.1-150400.9.9.1 updated - npm18-18.16.1-150400.9.9.1 updated From sle-updates at lists.suse.com Thu Jun 29 08:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 08:30:04 -0000 Subject: SUSE-SU-2023:2701-1: important: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3) Message-ID: <168802740450.7498.9563494835587421331@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2701-1 Rating: important References: * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_115 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2701=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:04 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:04 -0000 Subject: SUSE-SU-2023:2721-1: important: Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Message-ID: <168805620400.17860.16291205981069781911@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2721-1 Rating: important References: * #1207189 * #1210452 * #1210989 Cross-References: * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_33 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2721=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_33-default-8-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_5-debugsource-8-150400.2.3 * kernel-livepatch-5_14_21-150400_24_33-default-debuginfo-8-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:06 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:06 -0000 Subject: SUSE-SU-2023:2720-1: important: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP4) Message-ID: <168805620601.17860.3872575740206626017@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2720-1 Rating: important References: * #1210989 Cross-References: * CVE-2023-31436 CVSS scores: * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_125 fixes one issue. The following security issue was fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2720=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_125-default-2-2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2719-1: important: Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Message-ID: <168805620844.17860.5232198915372122772@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2719-1 Rating: important References: * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_147 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2719=1 SUSE-SLE-Live- Patching-12-SP5-2023-2722=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_150-default-5-2.2 * kgraft-patch-4_12_14-122_147-default-5-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:11 -0000 Subject: SUSE-SU-2023:2714-1: important: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Message-ID: <168805621131.17860.17920935614739733767@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2714-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_18 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2714=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_18-default-12-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_2-debugsource-12-150400.2.3 * kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-12-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:14 -0000 Subject: SUSE-SU-2023:2718-1: important: Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Message-ID: <168805621434.17860.14064859220740103857@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2718-1 Rating: important References: * #1207189 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_130 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2718=1 SUSE-SLE-Live- Patching-12-SP5-2023-2713=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_133-default-9-2.2 * kgraft-patch-4_12_14-122_130-default-11-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:16 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:16 -0000 Subject: SUSE-SU-2023:2717-1: important: Security update for buildah Message-ID: <168805621625.17860.11427391922750341662@smelt2.suse.de> # Security update for buildah Announcement ID: SUSE-SU-2023:2717-1 Rating: important References: * #1206346 Affected Products: * Containers Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of buildah fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2717=1 * Containers Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-2717=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150400.3.18.1 * Containers Module 15-SP4 (aarch64 ppc64le s390x x86_64) * buildah-1.29.1-150400.3.18.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:18 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:18 -0000 Subject: SUSE-SU-2023:2716-1: important: Security update for buildah Message-ID: <168805621825.17860.6167609172697617088@smelt2.suse.de> # Security update for buildah Announcement ID: SUSE-SU-2023:2716-1 Rating: important References: * #1206346 Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that has one fix can now be installed. ## Description: This update of buildah fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2716=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2716=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2716=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2716=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2716=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2716=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * buildah-1.25.1-150100.3.17.1 * SUSE CaaS Platform 4.0 (x86_64) * buildah-1.25.1-150100.3.17.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:20 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:20 -0000 Subject: SUSE-RU-2023:2715-1: critical: Recommended update for yast2-network Message-ID: <168805622051.17860.4278902684446338544@smelt2.suse.de> # Recommended update for yast2-network Announcement ID: SUSE-RU-2023:2715-1 Rating: critical References: * #1211431 Affected Products: * Basesystem Module 15-SP4 * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one recommended fix can now be installed. ## Description: This update for yast2-network fixes the following issues: * bsc#1211431 * Do not crash installation when storing vlan configuration into NetworkManager * 4.4.58 ## Patch Instructions: To install this SUSE Critical update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2715=1 * SUSE Linux Enterprise High Performance Computing 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Linux Enterprise Server 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Linux Enterprise Desktop 15 SP4 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP4-2023-2715=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2715=1 ## Package List: * openSUSE Leap 15.4 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Linux Enterprise High Performance Computing 15 SP4 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Linux Enterprise Server 15 SP4 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Manager Server 4.3 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Linux Enterprise Desktop 15 SP4 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * yast2-network-4.4.58-150400.3.24.1 * SUSE Manager Proxy 4.3 (noarch) * yast2-network-4.4.58-150400.3.24.1 * Basesystem Module 15-SP4 (noarch) * yast2-network-4.4.58-150400.3.24.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1211431 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:23 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:23 -0000 Subject: SUSE-SU-2023:2710-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Message-ID: <168805622339.17860.17278372995463174862@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2710-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2710=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_76-default-14-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:25 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:25 -0000 Subject: SUSE-SU-2023:2709-1: important: Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Message-ID: <168805622559.17860.5159823162070087293@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2709-1 Rating: important References: * #1210989 Cross-References: * CVE-2023-31436 CVSS scores: * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_151 fixes one issue. The following security issue was fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2709=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2711=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_151-default-3-150200.2.1 * kernel-livepatch-5_3_18-150200_24_151-default-debuginfo-3-150200.2.1 * kernel-livepatch-SLE15-SP2_Update_36-debugsource-3-150200.2.1 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_118-default-3-150300.2.1 ## References: * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:28 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:28 -0000 Subject: SUSE-SU-2023:2708-1: important: Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP4) Message-ID: <168805622805.17860.7895355843375934993@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP4) Announcement ID: SUSE-SU-2023:2708-1 Rating: important References: * #1207189 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-95_111 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2708=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-95_111-default-8-2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:30 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:30 -0000 Subject: SUSE-SU-2023:2703-1: important: Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Message-ID: <168805623032.17860.5164881136911990984@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 42 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2703-1 Rating: important References: * #1210452 * #1210989 Cross-References: * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_156 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2703=1 SUSE-SLE-Live- Patching-12-SP5-2023-2706=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2712=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_156-default-3-2.1 * kgraft-patch-4_12_14-122_159-default-2-2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_46-default-5-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_8-debugsource-5-150400.2.3 * kernel-livepatch-5_14_21-150400_24_46-default-debuginfo-5-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:33 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:33 -0000 Subject: SUSE-SU-2023:2702-1: important: Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP5) Message-ID: <168805623339.17860.6330918891838142236@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP5) Announcement ID: SUSE-SU-2023:2702-1 Rating: important References: * #1207189 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 4.12.14-122_127 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2702=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2704=1 SUSE-SLE- Module-Live-Patching-15-SP1-2023-2707=1 ## Package List: * SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64) * kgraft-patch-4_12_14-122_127-default-11-2.2 * SUSE Linux Enterprise Live Patching 15-SP1 (ppc64le x86_64) * kernel-livepatch-4_12_14-150100_197_117-default-11-150100.2.2 * kernel-livepatch-4_12_14-150100_197_123-default-8-150100.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 16:30:35 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 16:30:35 -0000 Subject: SUSE-RU-2023:2705-1: moderate: Recommended update for lifecycle-data-sle-live-patching Message-ID: <168805623557.17860.2089174900233796833@smelt2.suse.de> # Recommended update for lifecycle-data-sle-live-patching Announcement ID: SUSE-RU-2023:2705-1 Rating: moderate References: * #1020320 Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Live Patching 12-SP5 * SUSE Linux Enterprise Live Patching 12-SP4 * SUSE Linux Enterprise Live Patching 12 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-live-patching fixes the following issues: * Added data for 4_12_14-122_153, 4_12_14-122_156, 4_12_14-95_120 (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 12 zypper in -t patch SUSE-SLE-Live-Patching-12-2023-2705=1 * SUSE Linux Enterprise Live Patching 12-SP4 zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2023-2705=1 * SUSE Linux Enterprise Live Patching 12-SP5 zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-2705=1 ## Package List: * SUSE Linux Enterprise Live Patching 12 (noarch) * lifecycle-data-sle-live-patching-1-10.128.1 * SUSE Linux Enterprise Live Patching 12-SP4 (noarch) * lifecycle-data-sle-live-patching-1-10.128.1 * SUSE Linux Enterprise Live Patching 12-SP5 (noarch) * lifecycle-data-sle-live-patching-1-10.128.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:02 -0000 Subject: SUSE-SU-2023:2734-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Message-ID: <168807060286.9831.2196412831630685031@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2734-1 Rating: important References: * #1210989 Cross-References: * CVE-2023-31436 CVSS scores: * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves one vulnerability can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_121 fixes one issue. The following security issue was fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2734=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2736=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-2737=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_121-default-3-150300.2.1 * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_60-default-debuginfo-3-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_12-debugsource-3-150400.2.2 * kernel-livepatch-5_14_21-150400_24_63-default-3-150400.2.2 * kernel-livepatch-5_14_21-150400_24_63-default-debuginfo-3-150400.2.2 * kernel-livepatch-5_14_21-150400_24_60-default-3-150400.2.2 * kernel-livepatch-SLE15-SP4_Update_11-debugsource-3-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:05 -0000 Subject: SUSE-SU-2023:2731-1: important: Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Message-ID: <168807060534.9831.14997902055057461534@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 10 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2731-1 Rating: important References: * #1210452 * #1210989 Cross-References: * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves two vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_55 fixes several issues. The following security issues were fixed: * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2731=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_10-debugsource-4-150400.2.2 * kernel-livepatch-5_14_21-150400_24_55-default-4-150400.2.2 * kernel-livepatch-5_14_21-150400_24_55-default-debuginfo-4-150400.2.2 ## References: * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:08 -0000 Subject: SUSE-SU-2023:2735-1: important: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Message-ID: <168807060855.9831.8077440153328463835@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2735-1 Rating: important References: * #1207189 * #1210452 * #1210989 Cross-References: * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_21 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2735=1 SUSE-SLE- Module-Live-Patching-15-SP4-2023-2730=1 SUSE-SLE-Module-Live- Patching-15-SP4-2023-2726=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_4-debugsource-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-6-150400.2.3 * kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_41-default-6-150400.2.3 * kernel-livepatch-5_14_21-150400_24_21-default-11-150400.2.3 * kernel-livepatch-5_14_21-150400_24_28-default-debuginfo-9-150400.2.3 * kernel-livepatch-5_14_21-150400_24_28-default-9-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_3-debugsource-11-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_7-debugsource-6-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:11 -0000 Subject: SUSE-SU-2023:2724-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Message-ID: <168807061131.9831.11819430474265658353@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 28 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2724-1 Rating: important References: * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_109 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2724=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-2729=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_109-default-6-150300.2.2 * kernel-livepatch-5_3_18-150300_59_112-default-5-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:14 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:14 -0000 Subject: SUSE-SU-2023:2727-1: important: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2) Message-ID: <168807061496.9831.14971182237773817771@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP2) Announcement ID: SUSE-SU-2023:2727-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150200_24_139 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2727=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2728=1 SUSE-SLE- Module-Live-Patching-15-SP3-2023-2732=1 SUSE-SLE-Module-Live- Patching-15-SP3-2023-2725=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2733=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-2723=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP2 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150200_24_139-default-debuginfo-6-150200.2.2 * kernel-livepatch-5_3_18-150200_24_139-default-6-150200.2.2 * kernel-livepatch-SLE15-SP2_Update_32-debugsource-6-150200.2.2 * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_106-default-6-150300.2.2 * kernel-livepatch-5_3_18-150300_59_101-default-8-150300.2.2 * kernel-livepatch-5_3_18-150300_59_90-default-12-150300.2.2 * kernel-livepatch-5_3_18-150300_59_98-default-9-150300.2.2 * kernel-livepatch-5_3_18-150300_59_93-default-11-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Thu Jun 29 20:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 29 Jun 2023 20:30:17 -0000 Subject: SUSE-SU-2023:1295-1: important: Security update for sqlite3 Message-ID: <168807061791.9831.10406851304269333361@smelt2.suse.de> # Security update for sqlite3 Announcement ID: SUSE-SU-2023:1295-1 Rating: important References: * #1206337 Cross-References: * CVE-2022-46908 CVSS scores: * CVE-2022-46908 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2022-46908 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L Affected Products: * SUSE CaaS Platform 4.0 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Proxy 4.2 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Server 4.2 An update that solves one vulnerability can now be installed. ## Description: This update for sqlite3 fixes the following issues: * CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-1295=1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-1295=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-1295=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-1295=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-1295=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-1295=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-1295=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-1295=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-1295=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-1295=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-1295=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-1295=1 * SUSE CaaS Platform 4.0 To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-1295=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-1295=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-1295=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Manager Proxy 4.2 (x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Manager Server 4.2 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Enterprise Storage 7.1 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Enterprise Storage 7 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE CaaS Platform 4.0 (x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libsqlite3-0-debuginfo-3.39.3-150000.3.20.1 * sqlite3-3.39.3-150000.3.20.1 * sqlite3-debuginfo-3.39.3-150000.3.20.1 * sqlite3-debugsource-3.39.3-150000.3.20.1 * sqlite3-devel-3.39.3-150000.3.20.1 * sqlite3-tcl-3.39.3-150000.3.20.1 * libsqlite3-0-3.39.3-150000.3.20.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (x86_64) * libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.20.1 * libsqlite3-0-32bit-3.39.3-150000.3.20.1 ## References: * https://www.suse.com/security/cve/CVE-2022-46908.html * https://bugzilla.suse.com/show_bug.cgi?id=1206337 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 08:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 08:30:02 -0000 Subject: SUSE-RU-2023:2739-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <168811380274.26014.16091744614138376915@smelt2.suse.de> # Recommended update for lifecycle-data-sle-module-live-patching Announcement ID: SUSE-RU-2023:2739-1 Rating: moderate References: * #1020320 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP2 * SUSE Linux Enterprise Live Patching 15-SP1 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: * Added data for 4_12_14-150100_197_137, 4_12_14-150100_197_142, 5_14_21-150400_24_49, 5_14_21-150400_24_55, 5_14_21-150400_24_60, 5_3_18-150200_24_145, 5_3_18-150200_24_148, 5_3_18-150300_59_115, 5_3_18-150300_59_118, +kernel-livepatch-5_14_21-150400_15_14-rt, _,2024-03-15+kernel-livepatch-5_14_21-150400_15_18-rt,_ , 2024-03-28+kernel- livepatch-5_14_21-150400_15_23-rt,*,2024-04-25 (bsc#1020320) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2739=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2739=1 * SUSE Linux Enterprise Live Patching 15-SP1 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2023-2739=1 * SUSE Linux Enterprise Live Patching 15-SP2 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2023-2739=1 * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2739=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2739=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2739=1 ## Package List: * openSUSE Leap 15.4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * openSUSE Leap 15.5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * SUSE Linux Enterprise Live Patching 15-SP1 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * SUSE Linux Enterprise Live Patching 15-SP2 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * SUSE Linux Enterprise Live Patching 15-SP3 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * SUSE Linux Enterprise Live Patching 15-SP4 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 * SUSE Linux Enterprise Live Patching 15-SP5 (noarch) * lifecycle-data-sle-module-live-patching-15-150000.4.93.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1020320 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 08:30:05 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 08:30:05 -0000 Subject: SUSE-FU-2023:2738-1: moderate: Feature update for Apache Commons components Message-ID: <168811380502.26014.12075832359829145149@smelt2.suse.de> # Feature update for Apache Commons components Announcement ID: SUSE-FU-2023:2738-1 Rating: moderate References: Affected Products: * Development Tools Module 15-SP4 * openSUSE Leap 15.4 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that contains one feature can now be installed. ## Description: This update for Apache Commons components fixes the following issues: apache-commons-text: * Add upstream signing key and verify source signature (jsc#SLE-23217) apache-commons-daemon: * Version update from 1.2.4 to 1.3.2 (jsc#SLE-23217): * Fix Procrun. Remove noisy INFO log message that triggered logging once per minute while the service was running * Fix typos in Javadoc and comments * Fix Procrun. The DependsOn parameter is no longer ignored when updating the service configuration * Provide an error level log message when the user attempts to start the service without configuring a JVM and none is available via the registry * Dependencies Updates: * Bump actions/cache from 3.0.3 to 3.0.8. * Bump actions/checkout from 3 to 3.0.2. * Bump commons-parent from 53 to 54. * Bump spotbugs-maven-plugin from 4.6.0.0 to 4.7.2.0. * Bump jacoco-maven-plugin from 0.8.7 to 0.8.8. * Bump japicmp-maven-plugin from 0.15.4 to 0.16.0. * Bump JUnit 4 to 5 vintage. apache-common-parent: * Version update from 52 to version 53 (jsc#SLE-23217): * New features: * Add .asf.yaml to RAT excludes. * Add versions-maven-plugin run for this build. * Add maven-checkstyle-plugin to pluginManagement. * Allow Maven PMD plugin to override PMD implementation jars with property "commons.pmd-impl.version". * Add property commons.javadoc16.java.link. * Add and use property commons.enforcer-plugin.version. * Add SpotBugs to plugin management section. * Add and use property commons.buildnumber-plugin.version. * Add property commons.javadoc17.java.link. * Fixed Bugs: * Use HTTPS for Javadoc links to Oracle. * Use HTTPS for most links to Apache. * Rename property biz.aQute.bndlib.version to commons.biz.aQute.bndlib.version. * Dependencies updates: * Bump versions-maven-plugin from 2.7 to 2.10.0 * Bump maven-project-info-reports-plugin from 3.1.0 to 3.2.2 * Bump Jacoco from 0.8.5 to 0.8.7 * Bump actions/setup-java from v1.4.0 to v2 * Bump commons-build-plugin 1.11 to 1.12 * Bump biz.aQute.bndlib from 5.1.2 to 6.2.0 * Bump actions/checkout from 2.3.1 to 3 * Bump com.github.siom79.japicmp:japicmp-maven-plugin 0.14.3 to 0.15.7 * Bump org.apache.maven.wagon:wagon-ssh 3.4.0 to 3.4.3 * Bump maven-pmd-plugin 3.13.0 to 3.16.0 * Bump commons.checkstyle-plugin.version 3.1.1 to 3.1.2 * Bump actions/cache from 2 to 3 * Bump animal-sniffer-maven-plugin from 1.19 to 1.21 * Bump com.puppycrawl.tools:checkstyle from 8.40 to 9.0.2 * Bump maven-bundle-plugin from 5.1.1 to 5.1.4 * Bump maven-jxr-plugin from 3.0.0 to 3.1.1 * Bump maven-javadoc-plugin from 3.2.0 to 3.3.2 * Bump commons.pmd-impl.version from 6.29.0 to 6.44.0 * Bump spotbugs-maven-plugin from 4.0.4 to 4.5.3.0 * Bump spotbugs from 4.0.6 to 4.5.3 * Bump maven-enforcer-plugin from 3.0.0-M3 to 3.0.0 * Bump buildnumber-maven-plugin from 1.4 to 3.0.0 * Bump maven-site-plugin from 3.9.1 to 3.11.0 * Bump wagon-ssh from 3.4.3 to 3.5.1 * Bump checkstyle from 9.2 to 9.3 * Bump maven-compiler-plugin from 3.8.1 to 3.10.1 * Bump maven-jar-plugin from 3.2.0 to 3.2.2 * Bump commons-release-plugin from 1.7 to 1.8.0 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2738=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2738=1 * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-2738=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2738=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2738=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2738=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2738=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2738=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2738=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2738=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2738=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2738=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2738=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * apache-commons-daemon-jsvc-1.3.2-150200.11.9.2 * apache-commons-daemon-jsvc-debuginfo-1.3.2-150200.11.9.2 * openSUSE Leap 15.4 (noarch) * apache-commons-parent-53-150200.3.9.1 * apache-commons-daemon-javadoc-1.3.2-150200.11.9.2 * apache-commons-text-1.10.0-150200.5.8.7 * apache-commons-text-javadoc-1.10.0-150200.5.8.7 * Development Tools Module 15-SP4 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Enterprise Storage 7.1 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 * SUSE Enterprise Storage 7 (aarch64 x86_64) * apache-commons-daemon-debugsource-1.3.2-150200.11.9.2 * apache-commons-daemon-1.3.2-150200.11.9.2 * SUSE Enterprise Storage 7 (noarch) * apache-commons-text-1.10.0-150200.5.8.7 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:02 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:02 -0000 Subject: SUSE-SU-2023:2743-1: important: Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4) Message-ID: <168812820281.5149.17171138416625075425@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2743-1 Rating: important References: * #1207189 * #1210452 * #1210989 Cross-References: * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves three vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_38 fixes several issues. The following security issues were fixed: * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2743=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-5_14_21-150400_24_38-default-7-150400.2.3 * kernel-livepatch-5_14_21-150400_24_38-default-debuginfo-7-150400.2.3 * kernel-livepatch-SLE15-SP4_Update_6-debugsource-7-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:07 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:07 -0000 Subject: SUSE-SU-2023:2741-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) Message-ID: <168812820705.5149.15244807551138550801@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3) Announcement ID: SUSE-SU-2023:2741-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210779 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-1390 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-1390 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-1390 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise Live Patching 15-SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves five vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP3 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-2741=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP3 (ppc64le s390x x86_64) * kernel-livepatch-5_3_18-150300_59_87-default-13-150300.2.2 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-1390.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210779 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:09 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:09 -0000 Subject: SUSE-SU-2023:2746-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <168812820915.5149.11107466386666831575@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:2746-1 Rating: important References: * #1208296 Affected Products: * SAP Applications Module 15-SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 An update that has one fix can now be installed. ## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208296). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SAP Applications Module 15-SP1 zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-2746=1 ## Package List: * SAP Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-150000.1.29.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208296 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:11 -0000 Subject: SUSE-SU-2023:2745-1: important: Security update for prometheus-ha_cluster_exporter Message-ID: <168812821107.5149.12707186750044056419@smelt2.suse.de> # Security update for prometheus-ha_cluster_exporter Announcement ID: SUSE-SU-2023:2745-1 Rating: important References: * #1208296 Affected Products: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that has one fix can now be installed. ## Description: This update for prometheus-ha_cluster_exporter fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1208296). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-2745=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-2745=1 ## Package List: * SUSE Linux Enterprise Server for SAP Applications 12 SP4 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-4.31.2 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * prometheus-ha_cluster_exporter-1.3.3+git.1683650163.1000ba6-4.31.2 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1208296 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:12 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:12 -0000 Subject: SUSE-SU-2023:2744-1: important: Security update for rekor Message-ID: <168812821298.5149.13217976174657527225@smelt2.suse.de> # Security update for rekor Announcement ID: SUSE-SU-2023:2744-1 Rating: important References: * #1206346 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that has one fix can now be installed. ## Description: This update of rekor fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2744=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2744=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2744=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2744=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.14.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.14.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.14.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * rekor-1.2.1-150400.4.14.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:19 -0000 Subject: SUSE-RU-2023:2742-1: moderate: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Message-ID: <168812821922.5149.13292336742246000766@smelt2.suse.de> # Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Announcement ID: SUSE-RU-2023:2742-1 Rating: moderate References: * #1202234 * #1209565 * #1211261 * #1212187 * #1212222 Affected Products: * Basesystem Module 15-SP4 * Basesystem Module 15-SP5 * Development Tools Module 15-SP4 * Development Tools Module 15-SP5 * openSUSE Leap 15.4 * openSUSE Leap 15.5 * openSUSE Leap Micro 5.3 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Enterprise Storage 7 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise Desktop 15 SP4 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Real Time 15 SP3 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.2 Module 4.2 * SUSE Manager Server 4.3 * SUSE Manager Server 4.3 Module 4.3 * SUSE Package Hub 15 15-SP4 * SUSE Package Hub 15 15-SP5 An update that has five recommended fixes can now be installed. ## Description: This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): * Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. * build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: * targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) * targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: * Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) * Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: * Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ## Special Instructions and Notes: ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap Micro 5.3 zypper in -t patch openSUSE-Leap-Micro-5.3-2023-2742=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2742=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2742=1 * SUSE Linux Enterprise Server 15 SP2 zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2023-2742=1 * SUSE Linux Enterprise Server 15 SP3 zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2023-2742=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2742=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2023-2742=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2742=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2023-2742=1 * Basesystem Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-2742=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2742=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-2742=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-2742=1 * SUSE Package Hub 15 15-SP4 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-2742=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2742=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2742=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2742=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2742=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2742=1 * SUSE Manager Server 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-2742=1 * SUSE Manager Server 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-2742=1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2742=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-2742=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-2742=1 * SUSE Linux Enterprise Real Time 15 SP3 zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-2742=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2742=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-2742=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2742=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-2742=1 * SUSE Manager Proxy 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2742=1 * SUSE Manager Retail Branch Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.2-2023-2742=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2742=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-2742=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2742=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-2742=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2742=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-2742=1 ## Package List: * openSUSE Leap Micro 5.3 (aarch64 x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * protobuf-java-3.9.2-150200.4.21.1 * libprotobuf20-3.9.2-150200.4.21.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * python3-protobuf-3.9.2-150200.4.21.1 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-3.9.2-150200.4.21.1 * openSUSE Leap 15.4 (x86_64) * libprotobuf20-32bit-3.9.2-150200.4.21.1 * libprotoc20-32bit-3.9.2-150200.4.21.1 * libprotobuf-lite20-32bit-3.9.2-150200.4.21.1 * libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-32bit-debuginfo-3.9.2-150200.4.21.1 * libprotobuf20-32bit-debuginfo-3.9.2-150200.4.21.1 * openSUSE Leap 15.4 (noarch) * protobuf-source-3.9.2-150200.4.21.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * protobuf-java-3.9.2-150200.4.21.1 * libprotobuf20-3.9.2-150200.4.21.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * python3-protobuf-3.9.2-150200.4.21.1 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-3.9.2-150200.4.21.1 * openSUSE Leap 15.5 (x86_64) * libprotobuf20-32bit-3.9.2-150200.4.21.1 * libprotoc20-32bit-3.9.2-150200.4.21.1 * libprotobuf-lite20-32bit-3.9.2-150200.4.21.1 * libprotobuf-lite20-32bit-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-32bit-debuginfo-3.9.2-150200.4.21.1 * libprotobuf20-32bit-debuginfo-3.9.2-150200.4.21.1 * openSUSE Leap 15.5 (noarch) * protobuf-source-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Server 15 SP2 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.14-150200.70.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-tools-0.7.24-150200.20.2 * yast2-pkg-bindings-4.2.16-150200.3.19.1 * SUSE Linux Enterprise Server 15 SP3 (noarch) * autoyast2-4.3.106-150300.3.56.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise Server 15 SP3 (aarch64 ppc64le s390x x86_64) * libzypp-17.31.14-150200.70.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-tools-0.7.24-150200.20.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * Basesystem Module 15-SP4 (aarch64 ppc64le s390x x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-3.9.2-150200.4.21.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * libprotoc20-3.9.2-150200.4.21.1 * SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x x86_64) * python2-protobuf-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * python3-protobuf-3.9.2-150200.4.21.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * python2-protobuf-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * python3-protobuf-3.9.2-150200.4.21.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * python3-protobuf-3.9.2-150200.4.21.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * python3-protobuf-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * python3-protobuf-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * python3-protobuf-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * protobuf-java-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * protobuf-java-3.9.2-150200.4.21.1 * protobuf-debugsource-3.9.2-150200.4.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * yast2-pkg-bindings-debugsource-4.2.16-150200.3.19.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.2.16-150200.3.19.1 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * yast2-pkg-bindings-4.2.16-150200.3.19.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.61-150200.54.1 * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Linux Enterprise Real Time 15 SP3 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise Real Time 15 SP3 (x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * yast2-pkg-bindings-debugsource-4.2.16-150200.3.19.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.2.16-150200.3.19.1 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * yast2-pkg-bindings-4.2.16-150200.3.19.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * zypper-log-1.14.61-150200.54.1 * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * yast2-pkg-bindings-debugsource-4.2.16-150200.3.19.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.2.16-150200.3.19.1 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * yast2-pkg-bindings-4.2.16-150200.3.19.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * zypper-log-1.14.61-150200.54.1 * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Manager Proxy 4.2 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Manager Proxy 4.2 (x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Manager Retail Branch Server 4.2 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Manager Retail Branch Server 4.2 (x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Manager Server 4.2 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * yast2-update-4.3.5-150300.3.9.1 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.3.12-150300.3.3.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * yast2-pkg-bindings-debugsource-4.3.12-150300.3.3.2 * yast2-pkg-bindings-4.3.12-150300.3.3.2 * SUSE Enterprise Storage 7.1 (noarch) * zypper-log-1.14.61-150200.54.1 * autoyast2-4.3.106-150300.3.56.1 * zypper-needs-restarting-1.14.61-150200.54.1 * autoyast2-installation-4.3.106-150300.3.56.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libprotobuf20-3.9.2-150200.4.21.1 * libzypp-debugsource-17.31.14-150200.70.1 * yast2-pkg-bindings-debugsource-4.2.16-150200.3.19.1 * libprotobuf20-debuginfo-3.9.2-150200.4.21.1 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * libprotoc20-3.9.2-150200.4.21.1 * perl-solv-debuginfo-0.7.24-150200.20.2 * libsolv-devel-debuginfo-0.7.24-150200.20.2 * zypper-1.14.61-150200.54.1 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * yast2-pkg-bindings-debuginfo-4.2.16-150200.3.19.1 * python3-solv-debuginfo-0.7.24-150200.20.2 * ruby-solv-0.7.24-150200.20.2 * zypper-debugsource-1.14.61-150200.54.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * yast2-pkg-bindings-4.2.16-150200.3.19.1 * libzypp-17.31.14-150200.70.1 * perl-solv-0.7.24-150200.20.2 * libzypp-debuginfo-17.31.14-150200.70.1 * libsolv-tools-0.7.24-150200.20.2 * libzypp-devel-17.31.14-150200.70.1 * protobuf-devel-3.9.2-150200.4.21.1 * libprotoc20-debuginfo-3.9.2-150200.4.21.1 * python3-solv-0.7.24-150200.20.2 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-devel-0.7.24-150200.20.2 * ruby-solv-debuginfo-0.7.24-150200.20.2 * protobuf-devel-debuginfo-3.9.2-150200.4.21.1 * SUSE Enterprise Storage 7 (noarch) * zypper-log-1.14.61-150200.54.1 * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * zypper-debugsource-1.14.61-150200.54.1 * libzypp-debugsource-17.31.14-150200.70.1 * libsolv-debugsource-0.7.24-150200.20.2 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * zypper-1.14.61-150200.54.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-tools-0.7.24-150200.20.2 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * SUSE Linux Enterprise Micro 5.1 (noarch) * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * zypper-debugsource-1.14.61-150200.54.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * zypper-1.14.61-150200.54.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-tools-0.7.24-150200.20.2 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * SUSE Linux Enterprise Micro 5.2 (noarch) * zypper-needs-restarting-1.14.61-150200.54.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * zypper-debugsource-1.14.61-150200.54.1 * libzypp-debugsource-17.31.14-150200.70.1 * libprotobuf-lite20-debuginfo-3.9.2-150200.4.21.1 * libsolv-debugsource-0.7.24-150200.20.2 * protobuf-debugsource-3.9.2-150200.4.21.1 * libzypp-17.31.14-150200.70.1 * libzypp-debuginfo-17.31.14-150200.70.1 * zypper-1.14.61-150200.54.1 * libprotobuf-lite20-3.9.2-150200.4.21.1 * libsolv-tools-0.7.24-150200.20.2 * zypper-debuginfo-1.14.61-150200.54.1 * libsolv-debuginfo-0.7.24-150200.20.2 * libsolv-tools-debuginfo-0.7.24-150200.20.2 * SUSE Linux Enterprise Micro for Rancher 5.2 (noarch) * zypper-needs-restarting-1.14.61-150200.54.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1202234 * https://bugzilla.suse.com/show_bug.cgi?id=1209565 * https://bugzilla.suse.com/show_bug.cgi?id=1211261 * https://bugzilla.suse.com/show_bug.cgi?id=1212187 * https://bugzilla.suse.com/show_bug.cgi?id=1212222 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:21 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:21 -0000 Subject: SUSE-RU-2023:2740-1: moderate: Recommended update for dracut Message-ID: <168812822101.5149.9883862048533765125@smelt2.suse.de> # Recommended update for dracut Announcement ID: SUSE-RU-2023:2740-1 Rating: moderate References: * #1212662 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has one recommended fix can now be installed. ## Description: This update for dracut fixes the following issues: * Update to version 055+suse.366.g14047665 * Continue parsing if ldd prints "cannot execute binary file" (bsc#1212662) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2740=1 openSUSE-SLE-15.5-2023-2740=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2740=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 * dracut-tools-055+suse.366.g14047665-150500.3.6.1 * dracut-debuginfo-055+suse.366.g14047665-150500.3.6.1 * dracut-fips-055+suse.366.g14047665-150500.3.6.1 * dracut-055+suse.366.g14047665-150500.3.6.1 * dracut-debugsource-055+suse.366.g14047665-150500.3.6.1 * dracut-ima-055+suse.366.g14047665-150500.3.6.1 * dracut-extra-055+suse.366.g14047665-150500.3.6.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * dracut-debuginfo-055+suse.366.g14047665-150500.3.6.1 * dracut-fips-055+suse.366.g14047665-150500.3.6.1 * dracut-055+suse.366.g14047665-150500.3.6.1 * dracut-debugsource-055+suse.366.g14047665-150500.3.6.1 * dracut-ima-055+suse.366.g14047665-150500.3.6.1 * dracut-mkinitrd-deprecated-055+suse.366.g14047665-150500.3.6.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1212662 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 12:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 12:30:22 -0000 Subject: SUSE-RU-2023:2268-2: moderate: Recommended update for javaparser Message-ID: <168812822278.5149.3665785028070413320@smelt2.suse.de> # Recommended update for javaparser Announcement ID: SUSE-RU-2023:2268-2 Rating: moderate References: Affected Products: * openSUSE Leap 15.5 An update that contains one feature can now be installed. ## Description: This update for javaparser fixes the following issues: Version update from 3.24.2 to 3.25.1 (jsc#SLE-23217): * API or Behaviour Change: * Fix: Unexpected exception when solving type inside an Anonymous class * Improved search for functional interfaces * For the full list of bug fixes and changes please consult the upstream release notes for each version: * 3.25.1: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.25.1 * 3.25.0: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.25.0 * 3.24.10: https://github.com/javaparser/javaparser/releases/tag/v_snapshot_e2590f3 * 3.24.9: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.9 * 3.24.8: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.8 * 3.24.7: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.7 * 3.24.3: https://github.com/javaparser/javaparser/releases/tag/javaparser- parent-3.24.3 ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2268=1 ## Package List: * openSUSE Leap 15.5 (noarch) * javaparser-3.25.1-150200.3.7.11 * javaparser-javadoc-3.25.1-150200.3.7.11 ## References: * https://jira.suse.com/browse/SLE-23217 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:03 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:03 -0000 Subject: SUSE-SU-2023:2755-1: important: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Message-ID: <168814260347.30252.11153154315430129742@smelt2.suse.de> # Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4) Announcement ID: SUSE-SU-2023:2755-1 Rating: important References: * #1207189 * #1209672 * #1210452 * #1210989 Cross-References: * CVE-2022-4744 * CVE-2023-23455 * CVE-2023-28466 * CVE-2023-31436 CVSS scores: * CVE-2022-4744 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-4744 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-23455 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2023-28466 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-28466 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2023-31436 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues. The following security issues were fixed: * CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). * CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207189). * CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). * CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2755=1 ## Package List: * SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64) * kernel-livepatch-SLE15-SP4_Update_1-debugsource-12-150400.2.3 * kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-12-150400.2.3 * kernel-livepatch-5_14_21-150400_24_11-default-12-150400.2.3 ## References: * https://www.suse.com/security/cve/CVE-2022-4744.html * https://www.suse.com/security/cve/CVE-2023-23455.html * https://www.suse.com/security/cve/CVE-2023-28466.html * https://www.suse.com/security/cve/CVE-2023-31436.html * https://bugzilla.suse.com/show_bug.cgi?id=1207189 * https://bugzilla.suse.com/show_bug.cgi?id=1209672 * https://bugzilla.suse.com/show_bug.cgi?id=1210452 * https://bugzilla.suse.com/show_bug.cgi?id=1210989 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:08 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:08 -0000 Subject: SUSE-SU-2023:2754-1: moderate: Security update for libvirt Message-ID: <168814260803.30252.5895515271328225451@smelt2.suse.de> # Security update for libvirt Announcement ID: SUSE-SU-2023:2754-1 Rating: moderate References: * #1191668 * #1197636 * #1209861 Cross-References: * CVE-2022-0897 CVSS scores: * CVE-2022-0897 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2022-0897 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Affected Products: * SUSE Enterprise Storage 7 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 An update that solves one vulnerability and has two fixes can now be installed. ## Description: This update for libvirt fixes the following issues: * CVE-2022-0897: Fixed crash when counting number of network filters (bsc#1197636). Bug fixes: * qemu: Fixed potential crash during driver cleanup (bsc#1209861). * libxl: Marked auto-allocated graphics ports to used on reconnect. * libxl: Released all auto-allocated graphics ports (bsc#1191668). * libxl: Added lock process indicator to saved VM state (bsc#1191668). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-2754=1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-2754=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-2754=1 * SUSE Enterprise Storage 7 zypper in -t patch SUSE-Storage-7-2023-2754=1 ## Package List: * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libvirt-client-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-6.0.0-150200.13.27.1 * libvirt-daemon-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-hooks-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-6.0.0-150200.13.27.1 * libvirt-libs-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-6.0.0-150200.13.27.1 * libvirt-devel-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-6.0.0-150200.13.27.1 * libvirt-nss-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-6.0.0-150200.13.27.1 * libvirt-daemon-qemu-6.0.0-150200.13.27.1 * libvirt-client-debuginfo-6.0.0-150200.13.27.1 * libvirt-nss-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-6.0.0-150200.13.27.1 * libvirt-daemon-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-6.0.0-150200.13.27.1 * libvirt-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-admin-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-6.0.0-150200.13.27.1 * libvirt-debugsource-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-config-nwfilter-6.0.0-150200.13.27.1 * libvirt-daemon-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-config-network-6.0.0-150200.13.27.1 * libvirt-admin-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-150200.13.27.1 * libvirt-libs-debuginfo-6.0.0-150200.13.27.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch) * libvirt-doc-6.0.0-150200.13.27.1 * libvirt-bash-completion-6.0.0-150200.13.27.1 * SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (x86_64) * libvirt-daemon-driver-libxl-6.0.0-150200.13.27.1 * libvirt-daemon-driver-libxl-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-xen-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64) * libvirt-client-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-6.0.0-150200.13.27.1 * libvirt-daemon-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-hooks-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-6.0.0-150200.13.27.1 * libvirt-libs-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-6.0.0-150200.13.27.1 * libvirt-devel-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-6.0.0-150200.13.27.1 * libvirt-nss-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-qemu-6.0.0-150200.13.27.1 * libvirt-nss-debuginfo-6.0.0-150200.13.27.1 * libvirt-client-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-6.0.0-150200.13.27.1 * libvirt-daemon-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-6.0.0-150200.13.27.1 * libvirt-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-admin-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-6.0.0-150200.13.27.1 * libvirt-debugsource-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-config-nwfilter-6.0.0-150200.13.27.1 * libvirt-daemon-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-config-network-6.0.0-150200.13.27.1 * libvirt-admin-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-150200.13.27.1 * libvirt-libs-debuginfo-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch) * libvirt-doc-6.0.0-150200.13.27.1 * libvirt-bash-completion-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (x86_64) * libvirt-daemon-driver-libxl-6.0.0-150200.13.27.1 * libvirt-daemon-driver-libxl-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-xen-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64) * libvirt-client-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-6.0.0-150200.13.27.1 * libvirt-daemon-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-hooks-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-6.0.0-150200.13.27.1 * libvirt-libs-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-6.0.0-150200.13.27.1 * libvirt-devel-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-6.0.0-150200.13.27.1 * libvirt-nss-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-qemu-6.0.0-150200.13.27.1 * libvirt-nss-debuginfo-6.0.0-150200.13.27.1 * libvirt-client-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-6.0.0-150200.13.27.1 * libvirt-daemon-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-6.0.0-150200.13.27.1 * libvirt-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-admin-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-6.0.0-150200.13.27.1 * libvirt-debugsource-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-config-nwfilter-6.0.0-150200.13.27.1 * libvirt-daemon-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-config-network-6.0.0-150200.13.27.1 * libvirt-admin-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-150200.13.27.1 * libvirt-libs-debuginfo-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch) * libvirt-doc-6.0.0-150200.13.27.1 * libvirt-bash-completion-6.0.0-150200.13.27.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 (x86_64) * libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-libxl-6.0.0-150200.13.27.1 * libvirt-daemon-xen-6.0.0-150200.13.27.1 * libvirt-daemon-driver-libxl-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-6.0.0-150200.13.27.1 * SUSE Enterprise Storage 7 (aarch64 x86_64) * libvirt-client-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-6.0.0-150200.13.27.1 * libvirt-daemon-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-hooks-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-6.0.0-150200.13.27.1 * libvirt-libs-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-6.0.0-150200.13.27.1 * libvirt-devel-6.0.0-150200.13.27.1 * libvirt-daemon-driver-network-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-core-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-mpath-6.0.0-150200.13.27.1 * libvirt-daemon-driver-qemu-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-6.0.0-150200.13.27.1 * libvirt-nss-6.0.0-150200.13.27.1 * libvirt-daemon-driver-secret-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-6.0.0-150200.13.27.1 * libvirt-daemon-qemu-6.0.0-150200.13.27.1 * libvirt-client-debuginfo-6.0.0-150200.13.27.1 * libvirt-nss-debuginfo-6.0.0-150200.13.27.1 * libvirt-lock-sanlock-6.0.0-150200.13.27.1 * libvirt-daemon-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nodedev-6.0.0-150200.13.27.1 * libvirt-6.0.0-150200.13.27.1 * libvirt-daemon-driver-lxc-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-interface-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-150200.13.27.1 * libvirt-admin-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-logical-6.0.0-150200.13.27.1 * libvirt-debugsource-6.0.0-150200.13.27.1 * libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-config-nwfilter-6.0.0-150200.13.27.1 * libvirt-daemon-lxc-6.0.0-150200.13.27.1 * libvirt-daemon-config-network-6.0.0-150200.13.27.1 * libvirt-admin-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-150200.13.27.1 * libvirt-libs-debuginfo-6.0.0-150200.13.27.1 * SUSE Enterprise Storage 7 (noarch) * libvirt-doc-6.0.0-150200.13.27.1 * libvirt-bash-completion-6.0.0-150200.13.27.1 * SUSE Enterprise Storage 7 (x86_64) * libvirt-daemon-driver-libxl-6.0.0-150200.13.27.1 * libvirt-daemon-driver-libxl-debuginfo-6.0.0-150200.13.27.1 * libvirt-daemon-xen-6.0.0-150200.13.27.1 ## References: * https://www.suse.com/security/cve/CVE-2022-0897.html * https://bugzilla.suse.com/show_bug.cgi?id=1191668 * https://bugzilla.suse.com/show_bug.cgi?id=1197636 * https://bugzilla.suse.com/show_bug.cgi?id=1209861 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:10 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:10 -0000 Subject: SUSE-SU-2023:2753-1: important: Security update for terraform-provider-null Message-ID: <168814261008.30252.13784684057004675311@smelt2.suse.de> # Security update for terraform-provider-null Announcement ID: SUSE-SU-2023:2753-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update of terraform-provider-null fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2753=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2753=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2753=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2753=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2753=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2753=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2753=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-null-3.0.0-150200.6.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:11 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:11 -0000 Subject: SUSE-SU-2023:2752-1: important: Security update for terraform-provider-helm Message-ID: <168814261198.30252.10078785933198876276@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:2752-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2752=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2752=1 * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2752=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2752=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2752=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2752=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2752=1 ## Package List: * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150200.6.12.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:13 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:13 -0000 Subject: SUSE-SU-2023:2751-1: important: Security update for terraform-provider-aws Message-ID: <168814261398.30252.16358104841862367151@smelt2.suse.de> # Security update for terraform-provider-aws Announcement ID: SUSE-SU-2023:2751-1 Rating: important References: * #1206346 Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * Public Cloud Module 15-SP2 * Public Cloud Module 15-SP3 * Public Cloud Module 15-SP4 * Public Cloud Module 15-SP5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP2 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP2 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.1 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.1 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.1 * SUSE Manager Server 4.2 * SUSE Manager Server 4.3 * SUSE Package Hub 15 15-SP5 An update that has one fix can now be installed. ## Description: This update of terraform-provider-aws fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2751=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2751=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2751=1 * Public Cloud Module 15-SP2 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-2751=1 * Public Cloud Module 15-SP3 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-2751=1 * Public Cloud Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-2751=1 * Public Cloud Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-2751=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * Public Cloud Module 15-SP2 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * Public Cloud Module 15-SP3 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * Public Cloud Module 15-SP4 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 * Public Cloud Module 15-SP5 (aarch64 ppc64le s390x x86_64) * terraform-provider-aws-3.11.0-150200.6.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:15 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:15 -0000 Subject: SUSE-SU-2023:2750-1: important: Security update for terraform-provider-helm Message-ID: <168814261574.30252.3341216567229578915@smelt2.suse.de> # Security update for terraform-provider-helm Announcement ID: SUSE-SU-2023:2750-1 Rating: important References: * #1206346 Affected Products: * Public Cloud Module 15-SP1 * SUSE Linux Enterprise High Performance Computing 15 SP1 * SUSE Linux Enterprise Server 15 SP1 * SUSE Linux Enterprise Server for SAP Applications 15 SP1 * SUSE Manager Proxy 4.0 * SUSE Manager Retail Branch Server 4.0 * SUSE Manager Server 4.0 An update that has one fix can now be installed. ## Description: This update of terraform-provider-helm fixes the following issues: * rebuild the package with the go 1.20 security release (bsc#1206346). ## Patch Instructions: To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Public Cloud Module 15-SP1 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-2750=1 ## Package List: * Public Cloud Module 15-SP1 (aarch64 ppc64le s390x x86_64) * terraform-provider-helm-2.9.0-150100.3.8.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1206346 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:17 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:17 -0000 Subject: SUSE-SU-2023:2749-1: moderate: Security update for iniparser Message-ID: <168814261775.30252.6536713440834064606@smelt2.suse.de> # Security update for iniparser Announcement ID: SUSE-SU-2023:2749-1 Rating: moderate References: * #1211889 Cross-References: * CVE-2023-33461 CVSS scores: * CVE-2023-33461 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2023-33461 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.5 * Server Applications Module 15-SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for iniparser fixes the following issues: * CVE-2023-33461: Fixed NULL pointer dereference in iniparser_getboolean() (bsc#1211889). ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2749=1 openSUSE-SLE-15.5-2023-2749=1 * Server Applications Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP5-2023-2749=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * iniparser-debugsource-4.1-150500.4.3.1 * libiniparser1-debuginfo-4.1-150500.4.3.1 * libiniparser-devel-4.1-150500.4.3.1 * libiniparser1-4.1-150500.4.3.1 * openSUSE Leap 15.5 (x86_64) * libiniparser1-32bit-debuginfo-4.1-150500.4.3.1 * libiniparser1-32bit-4.1-150500.4.3.1 * openSUSE Leap 15.5 (aarch64_ilp32) * libiniparser1-64bit-4.1-150500.4.3.1 * libiniparser1-64bit-debuginfo-4.1-150500.4.3.1 * Server Applications Module 15-SP5 (ppc64le x86_64) * iniparser-debugsource-4.1-150500.4.3.1 * libiniparser1-debuginfo-4.1-150500.4.3.1 * libiniparser1-4.1-150500.4.3.1 ## References: * https://www.suse.com/security/cve/CVE-2023-33461.html * https://bugzilla.suse.com/show_bug.cgi?id=1211889 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:19 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:19 -0000 Subject: SUSE-RU-2023:2748-1: moderate: Recommended update for libpulp Message-ID: <168814261926.30252.8968421071349854865@smelt2.suse.de> # Recommended update for libpulp Announcement ID: SUSE-RU-2023:2748-1 Rating: moderate References: Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Live Patching 15-SP5 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that can now be installed. ## Description: This update for libpulp fixes the following issues: * Update package with libpulp-0.2.11 * Avoid warning on symbol read of processes which user do not have access * Fix a bug in livepatch installation counting * Fix a warning message of library not loaded when reverting all patches when the library is loaded * Fix a crash when `patches` is called with invalid PID * Enable batch processing for patching a single process via PID ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2748=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2748=1 * SUSE Linux Enterprise Live Patching 15-SP4 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-2748=1 * SUSE Linux Enterprise Live Patching 15-SP5 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2023-2748=1 ## Package List: * openSUSE Leap 15.4 (x86_64) * libpulp-debuginfo-0.3.0-150400.3.20.1 * libpulp0-0.3.0-150400.3.20.1 * libpulp-tools-debuginfo-0.3.0-150400.3.20.1 * libpulp-debugsource-0.3.0-150400.3.20.1 * libpulp0-debuginfo-0.3.0-150400.3.20.1 * libpulp-tools-0.3.0-150400.3.20.1 * openSUSE Leap 15.5 (x86_64) * libpulp-debuginfo-0.3.0-150400.3.20.1 * libpulp0-0.3.0-150400.3.20.1 * libpulp-tools-debuginfo-0.3.0-150400.3.20.1 * libpulp-debugsource-0.3.0-150400.3.20.1 * libpulp0-debuginfo-0.3.0-150400.3.20.1 * libpulp-tools-0.3.0-150400.3.20.1 * SUSE Linux Enterprise Live Patching 15-SP4 (x86_64) * libpulp-debuginfo-0.3.0-150400.3.20.1 * libpulp0-0.3.0-150400.3.20.1 * libpulp-tools-debuginfo-0.3.0-150400.3.20.1 * libpulp-debugsource-0.3.0-150400.3.20.1 * libpulp0-debuginfo-0.3.0-150400.3.20.1 * libpulp-tools-0.3.0-150400.3.20.1 * SUSE Linux Enterprise Live Patching 15-SP5 (x86_64) * libpulp-debuginfo-0.3.0-150400.3.20.1 * libpulp0-0.3.0-150400.3.20.1 * libpulp-tools-debuginfo-0.3.0-150400.3.20.1 * libpulp-debugsource-0.3.0-150400.3.20.1 * libpulp0-debuginfo-0.3.0-150400.3.20.1 * libpulp-tools-0.3.0-150400.3.20.1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From sle-updates at lists.suse.com Fri Jun 30 16:30:22 2023 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 30 Jun 2023 16:30:22 -0000 Subject: SUSE-RU-2023:2747-1: moderate: Recommended update for wicked Message-ID: <168814262215.30252.2678040004625029456@smelt2.suse.de> # Recommended update for wicked Announcement ID: SUSE-RU-2023:2747-1 Rating: moderate References: * #1194557 * #1203300 * #1206674 * #1211026 * #1211647 Affected Products: * Basesystem Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that has five recommended fixes can now be installed. ## Description: This update for wicked fixes the following issues: * Update to version 0.6.73 * Handle ENOBUFS sending errors (bsc#1203300) * Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) * Cleanup /var/run leftovers in extension scripts (bsc#1194557) * extensions/nbft: add post-up script (bsc#1211647) * Workaround 6.1 kernel enslave regression (bsc#1206674) ## Patch Instructions: To install this SUSE Moderate update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch SUSE-2023-2747=1 openSUSE-SLE-15.5-2023-2747=1 * Basesystem Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP5-2023-2747=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586) * wicked-service-0.6.72-150500.3.7.1 * wicked-debugsource-0.6.72-150500.3.7.1 * wicked-nbft-0.6.72-150500.3.7.1 * wicked-0.6.72-150500.3.7.1 * wicked-debuginfo-0.6.72-150500.3.7.1 * Basesystem Module 15-SP5 (aarch64 ppc64le s390x x86_64) * wicked-service-0.6.72-150500.3.7.1 * wicked-debugsource-0.6.72-150500.3.7.1 * wicked-nbft-0.6.72-150500.3.7.1 * wicked-0.6.72-150500.3.7.1 * wicked-debuginfo-0.6.72-150500.3.7.1 ## References: * https://bugzilla.suse.com/show_bug.cgi?id=1194557 * https://bugzilla.suse.com/show_bug.cgi?id=1203300 * https://bugzilla.suse.com/show_bug.cgi?id=1206674 * https://bugzilla.suse.com/show_bug.cgi?id=1211026 * https://bugzilla.suse.com/show_bug.cgi?id=1211647 -------------- next part -------------- An HTML attachment was scrubbed... URL: